CVE-2002-0289 PoC — Phusion Webserver超长URL引起缓冲区溢出漏洞

Source

https://github.com/alt3kx/CVE-2002-0289

Associated Vulnerability

Title:Phusion Webserver超长URL引起缓冲区溢出漏洞 (CVE-2002-0289)
Description:Phusion Webserver是一个商业的HTTP服务器，它运行于Microsoft Windows平台。 Phusion Webserver存在一个缓冲区溢出漏洞。 Phusion Webserver没有对额外提交的数据进行充分的边界检查。所以一个远程攻击者提交一个超长的web请求将引起堆变量被攻击者提交的数据结构覆盖。 Microsoft Windows平台上的web服务器通常以SYSTEM权限运行，这将使攻击者可以完全控制目标主机。这个缓冲区溢出问题同样能引起拒绝服务攻击。

Description

Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow

Readme

# CVE-2002-0289
Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow

Exploit-db publication at https://www.exploit-db.com/exploits/21294/

Phusion WebServer 1.0 - Long URL Denial of Service

Exploit-db publication at https://www.exploit-db.com/exploits/21293/

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>

File Snapshot


 [4.0K]  /data/pocs/a77f8de3bf21806ba2b0acd45db6b5b9b0fd4d41
├── [1.8K]  1_CVE-2002-0289.txt
├── [5.6K]  2_CVE-2002-0289.txt
├── [ 34K]  LICENSE
└── [ 371]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!