exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 71 RSS Feed


Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
SHA-256 | 86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cb

Related Files

Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
SHA-256 | dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
MS IIS 6.0 Buffer Overflow NSE Script
Posted Apr 8, 2017
Authored by Rewanth Cool

This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-7269
SHA-256 | 453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaa
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Posted Sep 29, 2014
Authored by Nate Power | Site metasploit.com

This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.

tags | exploit, web, info disclosure
SHA-256 | 9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4
Microsoft IIS 6.0 / 7.5 Authentication Bypass
Posted Jun 11, 2012
Authored by Kingcope

Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.

tags | exploit, vulnerability, bypass
SHA-256 | 31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
ISSA Ireland Security Conference 2011 Call For Papers
Posted Mar 29, 2011
Site issaireland.org

The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.

tags | paper, conference
SHA-256 | cc742e348803b4bebccc7e0c52ac2c3b04a64d189f3658425747a6b6c29779ab
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 37ea748726abfdcf90c5f620168c130aaee2fc345aa57be4c08c7f6c6dc47a6a
IISWorks FileMan Remote User Database Disclosure
Posted Jun 16, 2010
Authored by j0fer

IISWorks FileMan suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 38a4d64b8d788622a623151962b2b3e155249abd41c88ae39dc024e0fd6dba57
Microsoft IIS WebDAV Write Access Code Execution
Posted Feb 10, 2010
Site metasploit.com

This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.

tags | exploit, asp
SHA-256 | 4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524
Microsoft IIS ASP Bypass
Posted Dec 30, 2009
Authored by crossbower, emgent

This exploit is a simple malicious file creator that will help the users to create jpg images with metasploit shellcode. The file created must be browsed and then a shell will be bound to tcp/31337.

tags | exploit, shell, tcp, shellcode
SHA-256 | 3951e4d38ce2fbd2a74fe1c2298d117fcdff1053e5434ddda7f24fd0890d02b5
Microsoft IIS Semi-Colon Mitigation Code
Posted Dec 30, 2009
Authored by Derek Soeder

This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.

SHA-256 | 258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00
IIS 5.0 FTP Stack Overflow Exploit
Posted Nov 18, 2009
Authored by Kingcope, Mati Aharoni, Tomoki Sanaki

Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.

tags | exploit, remote
systems | windows
SHA-256 | ed41a61ee6a96323a70d1473d264138fe153fd8d0c341f6b6c99253319cc1ba0
Microsoft IIS 5.0 FTP Stack Overflow
Posted Sep 1, 2009
Authored by Mati Aharoni

Microsoft IIS version 5.0 FTP server remote stack overflow exploit for Windows 2000 SP4. Binds a shell to port 4444.

tags | exploit, remote, overflow, shell
systems | windows
SHA-256 | ce40cb6da965a415dbfc5397a6839d38275511d3ed979f7ce1fdfec8d8278203
Microsoft IIS FTP Server Stack Overflow
Posted Sep 1, 2009
Authored by Kingcope

Microsoft IIS versions 5.0 and 6.0 FTP server remote stack overflow exploit for Windows 2000.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 19aff66ba11cf22843fc9c8141c7d0a3402067ee062ec94813adce26357def3d
Microsoft IIS 6.0 WebDAV Bypass
Posted May 16, 2009
Authored by Kingcope

Microsoft IIS version 6.0 suffers from a WebDAV remote authentication bypass vulnerability.

tags | exploit, remote, bypass
SHA-256 | ed317aa9d45ad84a8984658e30b3b9bad93a6b391762859bbceb67cb7aa1cb6b
Posted May 22, 2007
Authored by Kingcope

Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | befbaf311c1be1ef98f6433ed95ff3daee31ee10c817e56192b648bb3118e662
Posted Dec 15, 2006
Authored by Brett Moore SA

IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.

tags | advisory, shell, asp
SHA-256 | 5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
Posted Dec 28, 2005
Authored by Lympex | Site l-bytes.tk

Microsoft IIS 5.1 malformed URI denial of service exploit.

tags | exploit, denial of service
SHA-256 | 837498a4d744d992373c5ed655af6324ffb4059f266d8a1030be1af897c8de58
Posted Dec 27, 2005
Authored by Inge Henriksen | Site ingehenriksen.blogspot.com

It appears that malformed HTTP requests to IIS versions 5.0, 5.1, and 6.0 allow for a remote crash of the service.

tags | advisory, remote, web
SHA-256 | 6d185deb53682ef93b3fa88fdec275761c1a6503427ac16a9c6c4de27066e357
Posted Jan 12, 2005
Authored by H D Moore | Site metasploit.com

Remote buffer overflow exploit for the w3who.dll in Microsoft Windows 2000. Drops to a command shell.

tags | exploit, remote, overflow, shell
systems | windows
advisories | CVE-2004-1134
SHA-256 | 791c811f7b49febb9fa1bb40a85b1ab1d9f1f2712120f52a797cf5c3770e9942
Posted Oct 26, 2004
Authored by Diabolic Crab | Site digitalparadox.org

IIS 5 null pointer proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 80e021ee49bc8b8c86efd67d2904ce71e04ef0648b422b39cee57bf1dfef4527
AQTRONIX Security Advisory AQ-2003-02
Posted Jan 6, 2004
Authored by Parcifal Aertssen | Site aqtronix.com

AQTRONIX Security Advisory AQ-2003-02 - When an HTTP request with the verb TRACK under Microsoft IIS 5.0 is performed, the transaction is not logged. This can lead to the server being utilized for XST attacks along with other tactics for information gathering. Microsoft silently fixed this bug in IIS 6.0.

tags | advisory, web
SHA-256 | 1cc8f2eec00f14d310835e89c0e3a53b9d47467a9845df76a8e8d4c71dfffb75
Posted Jul 18, 2003
Authored by Rizzy

Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.

tags | exploit, remote, denial of service, overflow
SHA-256 | 44d770ea27a8490f768df00ddd53357cee60223940c04a835e294debe42339e3
Posted May 29, 2003
Authored by SPI Labs | Site spidynamics.com

Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.

tags | exploit, denial of service
SHA-256 | 67114ae0520ebab576e477197853235affe77007a602ac27dc47708e61cc7c11
Posted Mar 18, 2003
Site cert.org

CERT Advisory CA-2003-09 - A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. An overflow in ntdll.dll of WebDAV allows remote users to execute code in the local system context. See also ms03-007.

tags | remote, overflow, local
systems | windows
SHA-256 | 708a6e42bc3ff4aa44e0028cb77a1cc2907b40c01604aeadc7ebfc4e3a3b1b0f
Posted Nov 17, 2002
Authored by Gary Brooks

This paper goes into detail on Unicode exploitation with how it works and how to actually perform attacks against IIS servers that are vulnerable to this bug.

tags | paper
SHA-256 | 68fbbf6b12fa6d1da1c65f239128400e7232673eba42d725b52a0e5200e2b6df
Page 1 of 3

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By