
HTTP.sys vulnerability test - xPaw
https://lab.xpaw.me/MS15-034/?host=bing.com
======
discreditable
Correct me if I'm wrong, but wouldn't this site DoS vulnerable servers when it
checks them?

~~~
thesimon
Tested a site which got reported as vulnerable and the site is still up, so I
guess not :)

~~~
cmdrfred
It seems to be checking if the server is patched I got "Cannot discern patch
status of willcipriano.com, and it doesn't appear to be using IIS. This most
likely means it is not vulnerable." when I checked my own site. So likely it
isn't attempting to use the exploit.

------
jesalg
I'm getting "Cannot discern patch status of X" (VulnStatus::NOT_VULN_MS) on
couple of sites I tried. Wondering if that's a good or a bad sign?

~~~
drzaiusapelord
That seems to mean not running IIS, or IIS is behind something sanitizing the
range field (load balancer, apache/nginx, proxy, IPS, etc)

~~~
volumejunkie
"or IIS is behind something sanitizing the range field (load balancer,
apache/nginx, proxy, IPS, etc)"... If this is the case, would that mean the
server is not at risk? thanks!

------
blueflow
Sourcecode:

[https://github.com/xPaw/HTTPsys](https://github.com/xPaw/HTTPsys)

@xPaw: Nice to see you on HN, too^^

------
drzaiusapelord
How does this work? Do we have a working exploit now?

~~~
logicallee
Uncharitably, how it works is the author of this link doesn't want to scan all
2^32 hosts himself, so he's asking people for URL's to their windows servers
so he can reach them directly. I can't imagine a scenario where I would submit
a URL.

EDIT: again, yes, there are no doubt thousands of bots doing port scans for
this. In the uncharitable reading, this 'service' is how the author beats them
to the punch.

~~~
xPaw
I guess saying that I don't log anything wouldn't matter to you.

~~~
xPaw
I made this service in a couple of hours because I had nothing better to do at
the time :)

