Exploitation Summary
EIP tracks 4 public exploits for CVE-2009-4769.
PoCs published by Metasploit, jduck, including Metasploit module exploits/windows/http/httpdx_tolog_format.
AI-analyzed exploit summary This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server (CVE-2009-4769) by sending a crafted HTTP request with format specifiers to corrupt memory and execute arbitrary code. It supports multiple versions of HTTPDX and includes automatic targeting via fingerprinting.
Description
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
Exploits (4)
This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server (CVE-2009-4769) by sending a crafted HTTP request with format specifiers to corrupt memory and execute arbitrary code. It supports multiple versions of HTTPDX and includes automatic targeting via fingerprinting.
This Metasploit module exploits a format string vulnerability in HTTPDX FTP server (CVE-2009-4769) by sending a crafted FTP command to corrupt memory and execute arbitrary code. It supports multiple versions of HTTPDX and uses an egghunter for payload delivery.
This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server (CVE-2009-4769) by sending crafted HTTP requests with format specifiers to corrupt memory and execute arbitrary code. It uses an egghunter to locate and execute the payload in memory.
This Metasploit module exploits a format string vulnerability in HTTPDX FTP server (CVE-2009-4769) by sending crafted FTP commands to corrupt memory and execute arbitrary code. It uses an egghunter and format string manipulation to achieve remote code execution.