VulnXML Project: Sample XML document (buffer overflow)
Date: 2003-05. From: http://www.owasp.org/vulnxml/IISChunkedBO.xml
See: VulnXML Project
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE WebApplicationTest SYSTEM "WebApplicationTest.dtd">
<WebApplicationTest>
<TestDescription>
<TestName>OWASP-00002</TestName>
<TestVersion>0.0</TestVersion>
<DateReleased>2002-04-10</DateReleased>
<DateUpdated>2002-04-30</DateUpdated>
<OWASP_Class class="Overflows" URL="http://www.owasp.org/asac/"/>
<References>
<Reference database="Bugtraq" URL="http://www.securityfocus.com/bid/4485"/>
<Reference database="CVE" URL="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079"/>
<Reference database="Microsoft" URL="http://www.microsoft.com/technet/security/bulletin/ms02-018.asp"/>
<Reference database="Cert" URL="http://www.cert.org/advisories/CA-2002-09.html"/>
</References>
<Copyright>Public Domain</Copyright>
<TestProtocol protocol="HTTP"/>
<MayProxy value="True"/>
<Description>Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.</Description>
<ApplicableTo>
<Platform>
<OS>Windows</OS>
<Arch>i386</Arch>
</Platform>
<WebServer>Microsoft-IIS</WebServer>
<ApplicationServer/>
</ApplicableTo>
<Affects scope="server"/>
<TriggerOn event="file">
<Match type="regex">.*.asp</Match>
</TriggerOn>
<Impact>The attacker can cause the web server to crash and restart, and could potentially execute arbitrary code on the web server</Impact>
<Severity value="high"/>
<Recommendation>Delete sample ASP scripts to deter bulk scanners. Install the patch supplied by Microsoft as soon as it is available.</Recommendation>
<AlertOn result="SUCCESS"/>
</TestDescription>
<Inputs/>
<Connection>
<Step name="step1">
<Request>
<MessageHeader>
<Method encoding="text">POST</Method>
<URI encoding="text">${scheme}://${host}:${port}/${path}/${file}</URI>
<Version encoding="text">HTTP/1.1</Version>
<Header name="Accept" encoding="text">*/*</Header>
<Header name="Host" encoding="text">${host}</Header>
<Header name="Transfer-Encoding" encoding="text">chunked</Header>
</MessageHeader>
<MessageBody>
<Content-Type encoding="text">application/x-www-form-urlencoded</Content-Type>
<Content-Length length="auto"/>
<Separator encoding="text"/>
<Item encoding="base64">MQpFCjAKCgoK</Item>
</MessageBody>
</Request>
<Response>
<SetVariable name="ResponseCode" type="string">
<Description>HTTP Response code</Description>
<Source source="status-line">^.*\s(\d\d\d)\s</Source>
</SetVariable>
<SetVariable name="redir302" type="string">
<Description>See if we got a custom 404 handler, correctly implemented using a redirection</Description>
<Source source="message-header">Location: (.*)$</Source>
</SetVariable>
<SetVariable name="body404" type="string">
<Description>See if we got a custom 404 handler, incorrectly implemented using a return code of 200</Description>
<Source source="message-body">(404 Not Found)</Source>
</SetVariable>
<SetVariable name="unpatched" type="string">
<Description>An unpatched server returns "(0x80004005)<br>Unspecified</Description>
<Source source="message-body">(\(0x80004005\)<br>Unspecified)</Source>
</SetVariable>
<SetVariable name="patched" type="string">
<Description>A patched server returns "(0x80004005)<br>Request</Description>
<Source source="message-body">(\(0x80004005\)<br>Request)</Source>
</SetVariable>
</Response>
<TestCriteria type="FAILURE">
<ErrorMessage>The page was not found</ErrorMessage>
<Compare variable="${ResponseCode}" test="equals" value="200">
<Compare variable="${body404}" test="notequals" value=""/>
</Compare>
<Compare variable="${ResponseCode}" test="equals" value="404"/>
<Compare variable="${ResponseCode}" test="equals" value="302"/>
<Compare variable="${ResponseCode}" test="equals" value="500"/>
</TestCriteria>
<TestCriteria type="FAILURE">
<Compare variable="${patched}" test="notequals" value=""/>
</TestCriteria>
<TestCriteria type="SUCCESS">
<Compare variable="${unpatched}" test="notequals" value=""/>
</TestCriteria>
</Step>
</Connection>
</WebApplicationTest>