Penetration_Testing_POC

admin/Penetration_Testing_POC

Fork 0

mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-08-12 11:06:04 +00:00

History

mr-xn de7349e0fb upload img md rb file

2019-08-20 12:12:55 +08:00

1.png

upload img md rb file

2019-08-20 12:12:55 +08:00

2.png

upload img md rb file

2019-08-20 12:12:55 +08:00

3.png

upload img md rb file

2019-08-20 12:12:55 +08:00

4.png

upload img md rb file

2019-08-20 12:12:55 +08:00

5.png

upload img md rb file

2019-08-20 12:12:55 +08:00

cve-2017-7269.rb

upload img md rb file

2019-08-20 12:12:55 +08:00

CVE-2017-7269_remote_echo.py

upload CVE-2017-7269

2019-08-20 12:00:50 +08:00

example.png

upload CVE-2017-7269

2019-08-20 12:00:50 +08:00

readme.md

upload img md rb file

2019-08-20 12:12:55 +08:00

详细信息.md

upload img md rb file

2019-08-20 12:12:55 +08:00

readme.md

CVE-2017-7269 远程代码执行回显验证

我们团队对此次 CVE-2017-7269(IIS6-0远程命令执行漏洞) 漏洞的分析报告: https://ht-sec.org/cve-2017-7269-vulnerabilities/

默认PoC 只能弹calc.exe ,现在修改成可以响应请求,命令格式为:

CVE-2017-7269_remote_echo.py ip_address port

利用条件

iis6.0
开启WebDav功能（具体为PROPFIND方法，成功则返回207或者200）
windows server 2003 R2

效果如下:

来源: https://github.com/lcatro/CVE-2017-7269-Echo-PoC

readme.md Unescape Escape

CVE-2017-7269 远程代码执行回显验证

利用条件

readme.md