| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041013175159.99284.qmail@web52208.mail.yahoo.com> From: karmic_nirvana at yahoo.com (nirvana) Subject: MS04-030 WebDAV XML Parsing - Need Details I tried attributes in a single tag too, like... <x:elem x:attr="value" x:attr="value" x:attr="value" x:attr="value" x:attr="value"...........so on /> --- nirvana <karmic_nirvana@...oo.com> wrote: > Hi List, > I've been trying to reproduce this vulnerability > (MS04-030) on my unpatched IIS. I am sending a > request > with a element which has multiple/many attributes. > With my limited knowlegde of WebDAV, I think the > attributes per-element can be sent in two ways > 1.in one line, in the element tag only > 2.in multiple per attribute tags. > > The request I am sending is something like this (XML > Data only from a PROPFIND Request, with multiple > tags)... > > <?xml version="1.0" encoding="utf-8" ?> > <D:propfind xmlns:D="DAV:"> > <D:prop xmlns:ns="DAV:"><ns:displayname/> > <ns:displayname> > <attrib1>a</attrib1> > <attrib1>a</attrib1> > . > . > . > . > <attrib1>a</attrib1> > </ns:displayname> > </D:prop> > </D:propfind> > > > > Plz feel free to rant me if I doin wrong :). > > Thanks. > > > > > > > > __________________________________ > Do you Yahoo!? > Read only the mail you want - Yahoo! Mail SpamGuard. > http://promotions.yahoo.com/new_mail > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Powered by blists - more mailing lists