Add CVE-2017-7269
aron
parent
1d436a4837
commit
34cd2d060e
|
|
@ -0,0 +1,32 @@
|
||||||
|
id: cve-2017-7269
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CVE-2017-7269
|
||||||
|
author: thomas_from_offensity
|
||||||
|
severity: critical
|
||||||
|
description: RCE - Buffer overflow in ScStoragePathFromUrl function (WebDAV service - IIS 6.0) - Windows Server 2003 R2
|
||||||
|
|
||||||
|
# this was implemented based on the "check"-method in:
|
||||||
|
# https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: OPTIONS
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "IIS/6.0"
|
||||||
|
part: header
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- regex("<DAV:sql>", dasl) # lowercase header name: DASL
|
||||||
|
- regex("[\d]+(,\s+[\d]+)?", dav) # lowercase header name: DAV
|
||||||
|
- regex(".*?PROPFIND", public) # lowercase header name: Public
|
||||||
|
- regex(".*?PROPFIND", allow) # lowercase header name: Allow
|
||||||
|
condition: or
|
||||||
|
part: header
|
||||||
Loading…
Reference in New Issue