|
[i]
Title:
Hasbani-WindWeb/2.0 - HTTP GET Remote DoS
[i] Discovered by: Expanders [i] Exploit by: Expanders [ What is Hasbani-WindWeb/2.0 ]
Hasbani server is a httpd created for menaging
ethernet routers and adsl modems.
[ Why HTTPD crash? ]
Causes of DoS are not perfecly known by me 'cos i
can't debug a chip-integrated http daemon.
Btw seems that Hasbani enter a loop in a GET /..:..:..etc. condition, causes that when an attacker reguest a long crafted string server enter an endless loop with conseguenly crash of the httpd. NOTE: This exploit DON'T drop down victim's adsl
connection!
[ Exploit ]
Attacked or
[ Timeline ]
This vulnerability was not comunicated because i
did'n find Hasbani's vendor.
[ Links ]
|
XH-Hasbani-HTTPD-DoS.c
Description: Binary data
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
