CVE-2023-50387 PoC — Microsoft DNS Server Security Vulnerability

Associated Vulnerability
Title: Microsoft DNS Server Security Vulnerability (CVE-2023-50387)
Description:Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Description
This repository contains the files used to try to produce a PoC for CVE-2023-50387.
Readme
The DNS infrastructure used for this PoC is the one suggested by SEED Labs, available at https://seedsecuritylabs.org/Labs_20.04/Networking/DNS/DNSSEC/, with some minor changes.
The infrastructure consists of a root server, a top-level domain server for edu, a domain server for example.edu, and a local DNS server.
![image](https://github.com/Meirelez/SSR-DNSSEC/assets/35565242/17b78a1e-1441-4df8-94b3-35fe06f12904)
File Snapshot

```
[4.0K] /data/pocs/4c99ad9a787ad5abc068ff4556409546758fd1e4
├── [4.0K] Colliding Keys
│   ├── [4.0K] 1
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 10
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 11
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 2
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 3
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 4
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 5
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 6
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 7
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   ├── [4.0K] 8
│   │   ├── [ 342] Kexample.edu.+013+34345.key
│   │   └── [ 187] Kexample.edu.+013+34345.private
│   └── [4.0K] 9
│       ├── [ 342] Kexample.edu.+013+34345.key
│       └── [ 187] Kexample.edu.+013+34345.private
├── [2.1K] example.edu.db
├── [5.6K] example.edu.db.signed
├── [ 582] KeyGenerator.sh
├── [1.8K] KeySigGen.py
└── [ 426] README.md

12 directories, 27 files
```