Re: MS04-030 WebDAV XML Parsing - Need Details

[nirvana <karmic_nirvana () yahoo com>]

I tried attributes in a single tag too, like...

<x:elem x:attr="value" x:attr="value" x:attr="value"
x:attr="value" x:attr="value"...........so on />


--- nirvana <karmic_nirvana () yahoo com> wrote:

> Hi List,
> I've been trying to reproduce this vulnerability
> (MS04-030) on my unpatched IIS. I am sending a
> request
> with a element which has multiple/many attributes.
> With my limited knowlegde of WebDAV, I think the
> attributes per-element can be sent in two ways 
> 1.in one line, in the element tag only 
> 2.in multiple per attribute tags.
>
> The request I am sending is something like this (XML
> Data only from a PROPFIND Request, with multiple
> tags)...
>
> <?xml version="1.0" encoding="utf-8" ?>
> <D:propfind xmlns:D="DAV:">
>   <D:prop xmlns:ns="DAV:"><ns:displayname/>
>     <ns:displayname>
>     <attrib1>a</attrib1>
>     <attrib1>a</attrib1>
> .
> .
> .
> .
>     <attrib1>a</attrib1>
>   </ns:displayname>
>   </D:prop>
> </D:propfind>
>
>
>
> Plz feel free to rant me if I doin wrong :).
>
> Thanks.
>
>
>
>
>
>
>               
> __________________________________
> Do you Yahoo!?
> Read only the mail you want - Yahoo! Mail SpamGuard.
> http://promotions.yahoo.com/new_mail 
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html