What you really need is a proof of concept exploit and a demonstration. However, I'm not convinced that every security vuln has a proof of concept exploit.
E 07/11/02 21:15:31, JM <[EMAIL PROTECTED]> wrote: > > > >Sorry for the dumb question...but someone must be able to help... > >There are loads of tools out there to identify vulnerabilites, I for one am >using Retina 4.9. This is good in that it tell you exactly how to fix the >problem. > >What I would like to know is if there are any tools out there that will find >the vulnerabilitites and test them, i.e. Try to exploit them. > >For example, running the vulnerability scanner against a particular host >list the following as a vulnerability; > >Web Servers: TCP:80 - IIS HTR ISAPI CHUNKING BUFFER OVERFLOW >DESCRIPTION: A vulnerability in IIS involving the processing of >chunked HTTP data and it's use by the HTR ISAPI, can be exploited by an >attacker to remotely execute the >code of his choice >RISK LEVEL: High >HOW TO FIX: Microsoft has released a hotfix to eliminate this >vulnerability >RELATED LINKS: Microsoft Security Bulletin > eEye Advisory >CVE: CAN-2002-0364 > >What I would like to know is, if there is a tool that could demonstrate this >vulnerability by exploting it. Of course this would be done in a test >environment only, but it is to demonstrate the exploit to a client who >thinks these things are rarely exploited. > >Thanks > > >JM > > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.413 / Virus Database: 232 - Release Date: 06/11/2002 > "There's so many different worlds So many different suns And we have just one world But we live in different ones.." - Dire Straits - "Brothers in Arms"
