Web Servers: TCP:80 - Malformed HTR Request - NT4
Description: A vulnerability in IIS involves an unchecked buffer in the filter DLLs for the following file types: .HTR, .STM and .IDC files. The .htr, .STM and .IDC extensions are used by ISAPI filters so an attacker can therefore overflow those ISAPI filters and remotely execute code as SYSTEM.
Web Servers: TCP:80 - IIS HTR ISAPI chunking buffer overflow
Description: A vulnerability in IIS involving the processing of chunked HTTP data and its use by the HTR ISAPI, can be exploited by an attacker to remotely execute code of his choice.
Risk Level: High
I try to use iishack.exe with ncx but dont success
anyone know other exploit for have a command shell?
