关联漏洞
标题:
Microsoft Internet Information Services 缓冲区错误漏洞
(CVE-2017-7269)
描述:Microsoft Windows Server 2003 R2是美国微软(Microsoft)公司发布的一套服务器操作系统。Internet Information Services(IIS)是一套运行于Microsoft Windows中的互联网基本服务。 Microsoft Windows Server 2003 R2中的IIS 6.0版本中的WebDAV服务的‘ScStoragePathFromUrl’函数存在缓冲区溢出漏洞。远程攻击者可通过发送特制的PROPFIND请求利用该漏洞执行任意代码。
描述
Windows Server 2003 & IIS 6.0 - Remote Code Execution
介绍
<div align="center">
<img src="https://blogs.cappriciosec.com/uploaders/CVE-2020-35489-tool.png" alt="logo">
</div>
## Badges
[](https://choosealicense.com/licenses/mit/)



<a href="https://github.com/Cappricio-Securities/CVE-2017-7269/releases/"><img src="https://img.shields.io/github/release/Cappricio-Securities/CVE-2017-7269"></a>
[](https://twitter.com/cappricio_sec)
<p align="center">
<p align="center">
## License
[MIT](https://choosealicense.com/licenses/mit/)
## Installation
1. Install Python3 and pip [Instructions Here](https://www.python.org/downloads/) (If you can't figure this out, you shouldn't really be using this)
- Install via pip
- ```bash
pip install CVE-2017-7269
```
- Run bellow command to check
- `CVE-2017-7269 -h`
## Configurations
2. We integrated with the Telegram API to receive instant notifications for vulnerability detection.
- Telegram Notification
- ```bash
CVE-2017-7269 --chatid <YourTelegramChatID>
```
- Open your telegram and search for [`@CappricioSecuritiesTools_bot`](https://web.telegram.org/k/#@CappricioSecuritiesTools_bot) and click start
## Usages
3. This tool has multiple use cases.
- To Check Single URL
- ```bash
CVE-2017-7269 -u http://example.com
```
- To Check List of URL
- ```bash
CVE-2017-7269 -i urls.txt
```
- Save output into TXT file
- ```bash
CVE-2017-7269 -i urls.txt -o out.txt
```
- Want to Learn about [`CVE-2017-7269`](https://blogs.cappriciosec.com/cve/155/WebDAV's%20Achilles%20Heel%20-%20CVE-2017-7269%20(Microsoft%20IIS%206.0%20Remote%20Code%20Execution))? Then Type Below command
- ```bash
CVE-2017-7269 -b
```
<p align="center">
<b>🚨 Disclaimer</b>
</p>
<p align="center">
<b>This tool is created for security bug identification and assistance; Cappricio Securities is not liable for any illegal use.
Use responsibly within legal and ethical boundaries. 🔐🛡️</b></p>
## Working PoC Video
[](https://asciinema.org/a/hmo5sBupJcxkU9vsLOlUPDGfC)
## Help menu
#### Get all items
```bash
👋 Hey Hackers
v1.0
_______ ________ ___ ____ ________ ________ _____ ____
/ ____/ | / / ____/ |__ \ / __ < /__ / /__ /__ \ / ___// __ \
/ / | | / / __/________/ // / / / / / /_____/ /__/ // __ \/ /_/ /
/ /___ | |/ / /__/_____/ __// /_/ / / / /_____/ // __// /_/ /\__, /
\____/ |___/_____/ /____/\____/_/ /_/ /_//____/\____//____/
Developed By https://cappriciosec.com
CVE-2017-7269 : Bug scanner for WebPentesters and Bugbounty Hunters
$ CVE-2017-7269 [option]
Usage: CVE-2017-7269 [options]
```
| Argument | Type | Description | Examples |
| :-------- | :------- | :------------------------- | :------------------------- |
| `-u` | `--url` | URL to scan | CVE-2017-7269 -u https://target.com |
| `-i` | `--input` | filename Read input from txt | CVE-2017-7269 -i target.txt |
| `-o` | `--output` | filename Write output in txt file | CVE-2017-7269 -i target.txt -o output.txt |
| `-c` | `--chatid` | Creating Telegram Notification | CVE-2017-7269 --chatid yourid |
| `-b` | `--blog` | To Read about CVE-2017-7269 Bug | CVE-2017-7269 -b |
| `-h` | `--help` | Help Menu | CVE-2017-7269 -h |
## 🔗 Links
[](https://cappriciosec.com/)
[](https://www.linkedin.com/in/karthikeyan--v/)
[](https://twitter.com/karthithehacker)
## Author
- [@karthithehacker](https://github.com/karthi-the-hacker/)
## Feedback
If you have any feedback, please reach out to us at contact@karthithehacker.com
文件快照
[4.0K] /data/pocs/94b4eef134a53fc7c31c8d08acb429c3c41b96fd
├── [4.0K] cve20177269
│ ├── [4.0K] includes
│ │ ├── [ 651] bot.py
│ │ ├── [ 468] filereader.py
│ │ ├── [ 0] __init__.py
│ │ ├── [2.1K] scan.py
│ │ └── [ 283] writefile.py
│ ├── [1.7K] main.py
│ └── [4.0K] utils
│ ├── [1.9K] configure.py
│ ├── [ 887] const.py
│ ├── [2.2K] helpers.py
│ ├── [ 0] __init__.py
│ └── [ 227] status.py
├── [1.0K] LICENSE
├── [4.6K] README.md
└── [ 991] setup.py
3 directories, 14 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。