CVE-2021-31166

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in HTTP.sys. The exploit triggers a kernel crash by sending a crafted HTTP request with a malformed 'Accept-Encoding' header, demonstrating the vulnerability in affected Windows versions.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a remote Use-After-Free (UAF) vulnerability in HTTP.sys. The exploit sends a crafted HTTP request with a malformed 'Accept-Encoding' header to trigger a denial-of-service (DoS) condition, causing the target system to crash and reboot.

This repository provides detection mechanisms (Suricata rule and Zeek package) for CVE-2021-31166, a Windows HTTP Protocol Stack vulnerability, but does not include functional exploit code. It includes example logs and alerts generated by these detection tools.

This repository contains a functional PoC for CVE-2021-31166, a use-after-free vulnerability in HTTP.sys. The exploit sends a crafted HTTP request with a malformed 'Accept-Encoding' header to trigger a crash in vulnerable Windows systems.

The repository contains a scanner for CVE-2022-21907, which checks for a DoS vulnerability in IIS servers by sending a malformed 'Accept-Encoding' header. The script verifies if the server crashes after sending the payload.

The repository contains a functional exploit for CVE-2021-31166, which targets a vulnerability in the Microsoft HTTP Protocol Stack (Http.sys). The exploit sends a crafted 'Accept-Encoding' header to trigger a denial-of-service (DoS) condition, causing a blue screen error and system reboot.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in HTTP.sys. The exploit triggers a kernel crash (BSOD) by sending a crafted HTTP request with a malformed 'Accept-Encoding' header.

The repository contains a functional bash script that exploits CVE-2021-31166, an HTTP request smuggling vulnerability in IIS servers. The script sends a malformed HTTP request with a crafted 'Accept-encoding' header to trigger the vulnerability.

This repository provides detection rules for Suricata, Snort, and Zeek to identify exploitation attempts of CVE-2021-31166, an HTTP Protocol Stack Remote Code Execution vulnerability in Windows. It includes network-based detection logic but does not contain exploit code.

The repository contains only a README with a list of affected versions for CVE-2021-31166 but no actual exploit code, technical details, or proof-of-concept. It appears to be a placeholder or lure without substantive content.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in the HTTP Protocol Stack (http.sys) in Windows. The exploit triggers a kernel crash by sending a crafted HTTP request with a malformed 'Accept-Encoding' header, leading to a LIST_ENTRY corruption and a KERNEL_SECURITY_CHECK_FAILURE bugcheck.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in the HTTP Protocol Stack (http.sys) in Windows. The exploit triggers a kernel crash by sending a crafted HTTP request with a malformed 'Accept-Encoding' header, leading to a LIST_ENTRY corruption and a KERNEL_SECURITY_CHECK_FAILURE bugcheck.

This repository provides a functional proof-of-concept for CVE-2021-31166, a use-after-free vulnerability in http.sys. It includes Terraform scripts to deploy a vulnerable Windows Server 20H2 environment and a curl command to trigger the vulnerability via a malformed Accept-Encoding header.

This Metasploit module exploits CVE-2021-31166, a use-after-free (UAF) vulnerability in Windows IIS HTTP Protocol Stack (http.sys) by sending a maliciously crafted Accept-Encoding header, resulting in a denial-of-service (BSOD) on vulnerable systems.

This repository contains functional exploit code for CVE-2021-31166, a Windows HTTP Protocol Stack Remote Code Execution Vulnerability. The exploit includes a Python script (`exp.py`) and supporting files for environment setup, demonstrating the vulnerability in a controlled manner.

This repository contains functional exploit code for CVE-2021-31166, a DoS vulnerability in Microsoft IIS. The scripts (PowerShell, Ruby, Python) send malformed 'Accept-Encoding' headers to trigger a Blue Screen crash.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in the HTTP Protocol Stack (http.sys) in Windows. The exploit triggers a kernel crash by sending a crafted HTTP request with a malformed 'Accept-Encoding' header, leading to a LIST_ENTRY corruption and a KERNEL_SECURITY_CHECK_FAILURE bugcheck.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in HTTP.sys. The exploit triggers a kernel security check failure by sending a crafted HTTP request with a malformed 'Accept-Encoding' header.

This repository contains a functional proof-of-concept exploit for CVE-2021-31166, a use-after-free vulnerability in Microsoft's HTTP Protocol Stack (http.sys). The exploit triggers a kernel crash by sending a crafted HTTP request with a malformed 'Accept-Encoding' header, leading to a LIST_ENTRY corruption and a KERNEL_SECURITY_CHECK_FAILURE bugcheck.