Description
This module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently sized buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/http/intrasrv_bofmsf undefined(intrasrv_bof) > show actions ...actions...msf undefined(intrasrv_bof) > set ACTION < action-name >msf undefined(intrasrv_bof) > show options ...show and set options...msf undefined(intrasrv_bof) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub