Description
This module exploits a vulnerability found in NetDecision's HTTP service (located in C:\Program Files\NetDecision\Bin\HttpSvr.exe). By supplying a long string of data to the URL, an overflow may occur if the data gets handled by HTTP Server's active window. In other words, in order to gain remote code execution, the victim is probably looking at HttpSvr's window.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/http/netdecision_http_bofmsf undefined(netdecision_http_bof) > show actions ...actions...msf undefined(netdecision_http_bof) > set ACTION < action-name >msf undefined(netdecision_http_bof) > show options ...show and set options...msf undefined(netdecision_http_bof) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub