|
Penetration Testing
mailing list archives
Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: 18 Mar 2003 21:25:36 +0100
I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
Buffer Overflow Vulnerability. However I don't have enough information about
the vulnerability, e.g. which webdav component is vulnerable, how it is
exploited i.e. where does the large string need to be to cause the overrun.
I don't know webdav but if i get enough information about the request i need
to send to the web server to cause a crash I will write some exploit code
(in perl) and share with the community.
You could give a look to the related Nessus plugin :
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
Regards,
--
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
Attachment:
signature.asc
Description: This is a digitally signed message part
 By Date 
By Thread
Current thread:
| 
