CVE-2022-21907

This exploit targets a buffer overflow vulnerability in the HTTP Protocol Stack (HTTP.sys) on Windows 10 v21H1, leading to a denial-of-service (DoS) condition. The PoC sends a maliciously crafted HTTP request with an overly long 'Accept-Encoding' header to trigger the vulnerability.

This PoC exploits CVE-2022-21907, a DoS vulnerability in HTTP Protocol Stack by sending a malformed Accept-Encoding header, causing the target system to crash and restart. The script includes verification steps to confirm the vulnerability.

This is a functional DoS exploit for CVE-2022-21907, targeting Windows HTTP Protocol Stack (http.sys) via malformed HTTP requests with chunked encoding. It supports IPv4/IPv6 and HTTP/HTTPS, sending crafted payloads to trigger a denial-of-service condition.

This PoC exploits CVE-2022-21907, a double-free vulnerability in the Windows HTTP Protocol Stack (http.sys) via a malformed 'Accept-Encoding' header, leading to a kernel crash (DoS). The script sends a crafted payload and monitors the target for a crash.

This PoC exploits CVE-2022-21907, a DoS vulnerability in HTTP Protocol Stack by sending a malformed Accept-Encoding header, causing a blue screen crash. It includes verification steps to confirm the target's vulnerability and restart status.

This repository contains multiple proof-of-concept scripts for CVE-2022-21907, a DoS vulnerability in IIS. The scripts send malformed HTTP headers to trigger a denial of service (Blue Screen) on vulnerable systems.

This PoC exploits CVE-2022-21907, an HTTP Protocol Stack Remote Code Execution Vulnerability in Windows, by sending a malformed Accept-Encoding header to trigger a denial-of-service (DoS) condition. The script verifies the vulnerability by checking if the target crashes or restarts.

The repository contains a scanner for CVE-2022-21907, which checks for a DoS vulnerability in IIS servers by sending a malformed 'Accept-Encoding' header. The script verifies if the server crashes after sending the payload.

This repository provides detection logic for CVE-2022-21907, an HTTP request smuggling vulnerability in HTTP/2 implementations. It includes a Zeek script to identify exploit attempts based on HTTP request size and malformed headers, along with testing scripts for coverage analysis.

This repository contains an Nmap NSE script designed to detect the presence of CVE-2022-21907, a vulnerability in the Windows HTTP Protocol Stack (http.sys) that can lead to a Denial of Service (DoS). The script checks for vulnerability but does not include exploit code for remote code execution.

This repository contains a working proof-of-concept exploit for CVE-2022-21907, a vulnerability in the HTTP Protocol Stack (http.sys) of Windows 10. The exploit sends a specially crafted packet to trigger a denial of service (DoS) condition, causing the target system to crash.

This is a multithreaded Golang application that exploits CVE-2022-21907, a double free vulnerability in the HTTP Protocol Stack (http.sys) driver. It sends crafted HTTP requests with a malformed 'Accept-Encoding' header to trigger a kernel crash (DoS) on vulnerable Windows systems.

This repository contains a proof-of-concept exploit for CVE-2022-21907, a double free vulnerability in the HTTP Protocol Stack (http.sys) of Windows. The exploit sends a malformed HTTP request with a crafted 'Accept-Encoding' header to trigger a kernel crash (DoS).

The repository contains a functional PoC for CVE-2022-21907, a use-after-free vulnerability in Microsoft IIS HTTP Protocol Stack (http.sys). The exploit sends a crafted HTTP request with a malformed 'Accept-Encoding' header to trigger a denial-of-service (DoS) condition, potentially leading to remote code execution (RCE).

This PoC exploits CVE-2022-21907, a DoS vulnerability in the HTTP Protocol Stack, by sending malformed Accept-Encoding headers to crash IIS servers. It includes verification steps to confirm the target's vulnerability and restart status.

This PoC demonstrates a DoS vulnerability in IIS by sending a maliciously crafted Accept-Encoding header. The script monitors the target server's status before and after sending the payload to confirm a crash.

This Go-based PoC exploits CVE-2022-21907, a remote code execution vulnerability in the HTTP API of a target software. It sends a crafted POST request with a PowerShell payload to execute arbitrary commands on the target system.

The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.

This repository contains a functional exploit PoC for CVE-2022-21907, which targets a vulnerability in HTTP.sys. The exploit sends a crafted HTTP request with a malformed 'Accept-Encoding' header to trigger a denial-of-service (DoS) condition, causing the target system to crash and restart.

This PoC exploits CVE-2022-21907, a DoS vulnerability in HTTP.sys via a malformed Accept-Encoding header. It sends a crafted request to trigger a blue screen (BSOD) and verifies the target's crash/reboot state.