Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MS04-030 WebDAV XML Parsing - Need Details
From: nirvana <karmic_nirvana () yahoo com>
Date: Wed, 13 Oct 2004 10:10:18 -0700 (PDT)

Hi List,
I've been trying to reproduce this vulnerability
(MS04-030) on my unpatched IIS. I am sending a request
with a element which has multiple/many attributes.
With my limited knowlegde of WebDAV, I think the
attributes per-element can be sent in two ways 
1.in one line, in the element tag only 
2.in multiple per attribute tags.

The request I am sending is something like this (XML
Data only from a PROPFIND Request, with multiple
tags)...

<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
  <D:prop xmlns:ns="DAV:"><ns:displayname/>
    <ns:displayname>
    <attrib1>a</attrib1>
    <attrib1>a</attrib1>
.
.
.
.
    <attrib1>a</attrib1>
  </ns:displayname>
  </D:prop>
</D:propfind>



Plz feel free to rant me if I doin wrong :).

Thanks.






                
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault