what you don't know can hurt you
Showing 1 - 25 of 69 RSS Feed

Files

iis-unicode.txt
Posted Oct 17, 2000
Authored by rain forest puppy | Site wiretrip.net

rain forest puppy's investigation of the recent Microsoft IIS remote command execution vulnerability which was first mentioned in a ms00-078. UNICODE character translation on foreign IIS 4.0 and 5.0 servers allows additional ways of encoding '/' and '\', allowing commands to be executed under the IUSR_machine context.

tags | exploit, remote
MD5 | 0747c7e7a7c3fccad5338bc0d6e7aed9

Related Files

Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
MD5 | 95f8dd847406e195cfd9f81ff602c626
MS IIS 6.0 Buffer Overflow NSE Script
Posted Apr 8, 2017
Authored by Rewanth Cool

This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-7269
MD5 | 08f772211b70b9d815fa21c0596c9d7d
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Posted Sep 29, 2014
Authored by Nate Power | Site metasploit.com

This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.

tags | exploit, web, info disclosure
MD5 | eafa43771f313779174c92917d0efc66
Microsoft IIS 6.0 / 7.5 Authentication Bypass
Posted Jun 11, 2012
Authored by Kingcope

Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.

tags | exploit, vulnerability, bypass
MD5 | da7102006bae4b9bac7cab98cd26ed40
ISSA Ireland Security Conference 2011 Call For Papers
Posted Mar 29, 2011
Site issaireland.org

The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.

tags | paper, conference
MD5 | 21f010838dedd1af05b535b5990c687a
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 07c656d13fd4460e1535a801e74a424d
IISWorks FileMan Remote User Database Disclosure
Posted Jun 16, 2010
Authored by j0fer

IISWorks FileMan suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 11ede7dce6a48903d4690b23bf10afc3
Microsoft IIS WebDAV Write Access Code Execution
Posted Feb 10, 2010
Site metasploit.com

This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.

tags | exploit, asp
MD5 | 82c7cccc401998d74c7ac1163e6b8cca
Microsoft IIS ASP Bypass
Posted Dec 30, 2009
Authored by crossbower, emgent

This exploit is a simple malicious file creator that will help the users to create jpg images with metasploit shellcode. The file created must be browsed and then a shell will be bound to tcp/31337.

tags | exploit, shell, tcp, shellcode
MD5 | dd6543831121442bfbd91e5ab261697f
Microsoft IIS Semi-Colon Mitigation Code
Posted Dec 30, 2009
Authored by Derek Soeder

This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.

MD5 | db33583aeba8b7ee1bfde1461d772560
IIS 5.0 FTP Stack Overflow Exploit
Posted Nov 18, 2009
Authored by Kingcope, Mati Aharoni, Tomoki Sanaki

Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.

tags | exploit, remote
systems | windows
MD5 | 68d064d65a63424979f4a1bb52027914
Microsoft IIS 5.0 FTP Stack Overflow
Posted Sep 1, 2009
Authored by Mati Aharoni

Microsoft IIS version 5.0 FTP server remote stack overflow exploit for Windows 2000 SP4. Binds a shell to port 4444.

tags | exploit, remote, overflow, shell
systems | windows, 2k
MD5 | c2cc8af6d9d82dfcc56b9151dc1099a3
Microsoft IIS FTP Server Stack Overflow
Posted Sep 1, 2009
Authored by Kingcope

Microsoft IIS versions 5.0 and 6.0 FTP server remote stack overflow exploit for Windows 2000.

tags | exploit, remote, overflow
systems | windows, 2k
MD5 | bb528e3fd82398a267969e0400fe2ef9
Microsoft IIS 6.0 WebDAV Bypass
Posted May 16, 2009
Authored by Kingcope

Microsoft IIS version 6.0 suffers from a WebDAV remote authentication bypass vulnerability.

tags | exploit, remote, bypass
MD5 | 55ed3574d7a596caacc1d4f336c32e7e
iis-dos.txt
Posted May 22, 2007
Authored by Kingcope

Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 9ef1fdbcdc6d76769481a583c7b474e9
iis51asp.txt
Posted Dec 15, 2006
Authored by Brett Moore SA

IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.

tags | advisory, shell, asp
MD5 | 27c670b23ab54e041855dfd8e033d2a7
iisCrash.txt
Posted Dec 27, 2005
Authored by Inge Henriksen | Site ingehenriksen.blogspot.com

It appears that malformed HTTP requests to IIS versions 5.0, 5.1, and 6.0 allow for a remote crash of the service.

tags | advisory, remote, web
MD5 | 5e579b4a674fbf2f18d8267802f499e7
iis_w3who_overflow.pm
Posted Jan 12, 2005
Authored by H D Moore | Site metasploit.com

Remote buffer overflow exploit for the w3who.dll in Microsoft Windows 2000. Drops to a command shell.

tags | exploit, remote, overflow, shell
systems | windows, 2k
advisories | CVE-2004-1134
MD5 | b5ac5a1122b0563bf7f3907983af3280
iis.pl.txt
Posted Oct 26, 2004
Authored by Diabolic Crab | Site digitalparadox.org

IIS 5 null pointer proof of concept exploit.

tags | exploit, proof of concept
MD5 | 23b1b5d7f0723ecce0391aef1ccf374a
iis5x60.txt
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
MD5 | d636fbfbfd62a943037a1b53f5ac87d5
IIS-DoS.c
Posted Jul 18, 2003
Authored by Rizzy

Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.

tags | exploit, remote, denial of service, overflow
MD5 | 28883908e092c49535e0ffceaa364f9e
iisDoS.txt
Posted May 29, 2003
Authored by SPI Labs | Site spidynamics.com

Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.

tags | exploit, denial of service
MD5 | 466be4f57551e6a920e9059e50eaddf3
IISUnicodeExplained.doc
Posted Nov 17, 2002
Authored by Gary Brooks

This paper goes into detail on Unicode exploitation with how it works and how to actually perform attacks against IIS servers that are vulnerable to this bug.

tags | paper
MD5 | ab7336660866d82a2bb7998a13278186
iispop.txt
Posted Nov 17, 2002
Authored by Securma Massine

The IISPop E-Mail Server from Curtiscomp.com is vulnerable to a denial of service attack via a simple buffer overflow on the listening daemon.

tags | denial of service, overflow
MD5 | 04417c2792a5c0f0654341aaafa04945
iis_impersonation.txt
Posted Nov 13, 2002
Authored by Li0n | Site li0n.pe.kr

Microsoft IIS 4.0, 5.0, and 5.1 has a vulnerability in dllhost.exe which allows local users to gain SYSTEM privilege. This vulnerability arises from the fact that the process of dllhost.exe harbors an impersonation token of SYSTEM account while processing user's request.

tags | local
MD5 | 80910abd1d824c35655b9c233c3a6de0
Page 1 of 3
Back123Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close