CVE-2022-21907 PoC — Microsoft Windows 安全漏洞

Source

Associated Vulnerability

Description

Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http. sys, which handles most basic IIS operations.

Readme

# nmap-CVE-2022-21907
Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http.sys, which handles most basic IIS operations. After uploading the payload, the server should stop working (DoS).

## Usage
```
┌──(kali㉿kali)-[~/nmap-CVE-2022-21907]
└─$ nmap <target> --script=./nmap-CVE-2022-21907.nse
(...)
PORT     STATE SERVICE    REASON  VERSION
8080/tcp open  http-proxy syn-ack
| nmap-CVE-2022-21907: 
|   VULNERABLE:
|   CVE-2022-21907 - DOS
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-21907
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907
```

## License
Same as Nmap. See https://nmap.org/book/man-legal.html

File Snapshot

 [4.0K]  /data/pocs/22224350421bd7c199f47170f01b92b10ecd67af
├── [2.5K]  nmap-CVE-2022-21907.nse
└── [ 820]  README.md

0 directories, 2 files

Remarks