In Windows Server 2003 IIS6. 0 the WebDAV service ScStoragePathFromUrl a function of the presence buffer overflow vulnerability, an attacker by a order“If: <http://” at the beginning of a longer header
head PROPFIND
request arbitrary code execution. Currently the vulnerability for install IIS6 Windows Server 2003 R2 system can be stabilized using the vulnerability as early as 2016, 7,8 month would have started on the outside is the use.
Use the following PoC test in the target server back-end perform calc.exe
, testing the PoC in the IIS default site to open the WebDAV
extension be reproducible. As follows: