Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).
86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cb
Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.
f5cd05c837ee40cc8d76e4b5fce64d92ed540c8b1d92111ed48c20b1a0540540
The vulnerability is caused by a tilde character "~" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames (short names). In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug (GET request). This was publicly disclosed in 2012. In 2014, Soroush Dalili discovered that newer IIS installations are vulnerable with OPTIONS.
c2c9b14cdb1063f52d66445d57e8c716ba76df1d1393a1bdd2559d0ffd10e0bf
This Metasploit module bypasses basic authentication for Internet Information Services (IIS). By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication.
81c7985df2aff0d30d1f7d3ade0d49b345a4a07669ede4729c9660062ed8657d
This Metasploit module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for remote code execution.
abed1f5c04a53ec53d5c8c7b407c490b68fdb3bae004065e4060e14c0df5f32a
This Metasploit module triggers a denial of service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid FTP account, either read-only or with write access, 2) the "FTP Publishing" service configured with a startup type of "manual", and 3) at least one directory under the FTP root directory. If the FTP account you provide has write access and no directory exists, a new directory with a random name will be created before the exploit payload is sent.
67404248bb76198423211333f1d01b1d47d12b762daf1e199c5e9619ec7c4de7
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.
dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.
453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaa
This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4
Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.
31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.
cc742e348803b4bebccc7e0c52ac2c3b04a64d189f3658425747a6b6c29779ab
IIS 5 suffers from an authentication bypass vulnerability.
37ea748726abfdcf90c5f620168c130aaee2fc345aa57be4c08c7f6c6dc47a6a
IISWorks FileMan suffers from a database disclosure vulnerability.
38a4d64b8d788622a623151962b2b3e155249abd41c88ae39dc024e0fd6dba57
This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.
4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524
This exploit is a simple malicious file creator that helps users create JPG images containing Metasploit shellcode. Once the created file is browsed, a shell is bound to tcp/31337.
3951e4d38ce2fbd2a74fe1c2298d117fcdff1053e5434ddda7f24fd0890d02b5
This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.
258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00
Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.
ed41a61ee6a96323a70d1473d264138fe153fd8d0c341f6b6c99253319cc1ba0
Microsoft IIS version 5.0 FTP server remote stack overflow exploit for Windows 2000 SP4. Binds a shell to port 4444.
ce40cb6da965a415dbfc5397a6839d38275511d3ed979f7ce1fdfec8d8278203
Microsoft IIS versions 5.0 and 6.0 FTP server remote stack overflow exploit for Windows 2000.
19aff66ba11cf22843fc9c8141c7d0a3402067ee062ec94813adce26357def3d
Microsoft IIS version 6.0 suffers from a WebDAV remote authentication bypass vulnerability.
ed317aa9d45ad84a8984658e30b3b9bad93a6b391762859bbceb67cb7aa1cb6b
Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.
befbaf311c1be1ef98f6433ed95ff3daee31ee10c817e56192b648bb3118e662
IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.
5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
Microsoft IIS 5.1 malformed URI denial of service exploit.
837498a4d744d992373c5ed655af6324ffb4059f266d8a1030be1af897c8de58
It appears that malformed HTTP requests to IIS versions 5.0, 5.1, and 6.0 allow for a remote crash of the service.
6d185deb53682ef93b3fa88fdec275761c1a6503427ac16a9c6c4de27066e357
Remote buffer overflow exploit for the w3who.dll in Microsoft Windows 2000. Drops to a command shell.
791c811f7b49febb9fa1bb40a85b1ab1d9f1f2712120f52a797cf5c3770e9942
IIS 5 null pointer proof of concept exploit.
80e021ee49bc8b8c86efd67d2904ce71e04ef0648b422b39cee57bf1dfef4527