CVE-2001-0506

Internet Information Server 4.0-5.0 - Local Privilege Escalation via SSI Long Filename Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0506. PoCs published by Indigo.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Microsoft IIS 4.0 and 5.0 via Server Side Include (SSI) files. It generates a malicious SSI file that, when accessed, triggers a buffer overflow to execute arbitrary shellcode, providing a SYSTEM-level reverse shell to the attacker.

Description

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Indigo · clocalwindows

https://www.exploit-db.com/exploits/21071

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Microsoft IIS 4.0 and 5.0 via Server Side Include (SSI) files. It generates a malicious SSI file that, when accessed, triggers a buffer overflow to execute arbitrary shellcode, providing a SYSTEM-level reverse shell to the attacker.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft IIS 4.0 and 5.0

Auth required

Prerequisites: Write access to the web root directory of the target IIS server · Ability to place a file in a directory with a 12-character name

MITRE ATT&CK