VulnXML Project: Sample XML document (buffer overflow)
Date: 2003-05. From: http://www.owasp.org/vulnxml/IISChunkedBO.xml
See: VulnXML Project
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE WebApplicationTest SYSTEM "WebApplicationTest.dtd"> <WebApplicationTest> <TestDescription> <TestName>OWASP-00002</TestName> <TestVersion>0.0</TestVersion> <DateReleased>2002-04-10</DateReleased> <DateUpdated>2002-04-30</DateUpdated> <OWASP_Class class="Overflows" URL="http://www.owasp.org/asac/"/> <References> <Reference database="Bugtraq" URL="http://www.securityfocus.com/bid/4485"/> <Reference database="CVE" URL="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079"/> <Reference database="Microsoft" URL="http://www.microsoft.com/technet/security/bulletin/ms02-018.asp"/> <Reference database="Cert" URL="http://www.cert.org/advisories/CA-2002-09.html"/> </References> <Copyright>Public Domain</Copyright> <TestProtocol protocol="HTTP"/> <MayProxy value="True"/> <Description>Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.</Description> <ApplicableTo> <Platform> <OS>Windows</OS> <Arch>i386</Arch> </Platform> <WebServer>Microsoft-IIS</WebServer> <ApplicationServer/> </ApplicableTo> <Affects scope="server"/> <TriggerOn event="file"> <Match type="regex">.*.asp</Match> </TriggerOn> <Impact>The attacker can cause the web server to crash and restart, and could potentially execute arbitrary code on the web server</Impact> <Severity value="high"/> <Recommendation>Delete sample ASP scripts to deter bulk scanners. Install the patch supplied by Microsoft as soon as it is available.</Recommendation> <AlertOn result="SUCCESS"/> </TestDescription> <Inputs/> <Connection> <Step name="step1"> <Request> <MessageHeader> <Method encoding="text">POST</Method> <URI encoding="text">${scheme}://${host}:${port}/${path}/${file}</URI> <Version encoding="text">HTTP/1.1</Version> <Header name="Accept" encoding="text">*/*</Header> <Header name="Host" encoding="text">${host}</Header> <Header name="Transfer-Encoding" encoding="text">chunked</Header> </MessageHeader> <MessageBody> <Content-Type encoding="text">application/x-www-form-urlencoded</Content-Type> <Content-Length length="auto"/> <Separator encoding="text"/> <Item encoding="base64">MQpFCjAKCgoK</Item> </MessageBody> </Request> <Response> <SetVariable name="ResponseCode" type="string"> <Description>HTTP Response code</Description> <Source source="status-line">^.*\s(\d\d\d)\s</Source> </SetVariable> <SetVariable name="redir302" type="string"> <Description>See if we got a custom 404 handler, correctly implemented using a redirection</Description> <Source source="message-header">Location: (.*)$</Source> </SetVariable> <SetVariable name="body404" type="string"> <Description>See if we got a custom 404 handler, incorrectly implemented using a return code of 200</Description> <Source source="message-body">(404 Not Found)</Source> </SetVariable> <SetVariable name="unpatched" type="string"> <Description>An unpatched server returns "(0x80004005)<br>Unspecified</Description> <Source source="message-body">(\(0x80004005\)<br>Unspecified)</Source> </SetVariable> <SetVariable name="patched" type="string"> <Description>A patched server returns "(0x80004005)<br>Request</Description> <Source source="message-body">(\(0x80004005\)<br>Request)</Source> </SetVariable> </Response> <TestCriteria type="FAILURE"> <ErrorMessage>The page was not found</ErrorMessage> <Compare variable="${ResponseCode}" test="equals" value="200"> <Compare variable="${body404}" test="notequals" value=""/> </Compare> <Compare variable="${ResponseCode}" test="equals" value="404"/> <Compare variable="${ResponseCode}" test="equals" value="302"/> <Compare variable="${ResponseCode}" test="equals" value="500"/> </TestCriteria> <TestCriteria type="FAILURE"> <Compare variable="${patched}" test="notequals" value=""/> </TestCriteria> <TestCriteria type="SUCCESS"> <Compare variable="${unpatched}" test="notequals" value=""/> </TestCriteria> </Step> </Connection> </WebApplicationTest>