4th time’s the charm? IIS DoS and how it doesn’t work
a few days ago a bugtraq post was made about an iis dos.
the post was almost completely ignored by everybody, and today we saw a post on sans isc about a vague vulnerability in iis 5.1 (xp) after a post about it on securiteam:
now, the funny thing about this exploit is that it will only return an exception on the 4th attempt.
every time, only on the 4th attempt.
this is the best anti-exploitation effort i have ever seen. it is either:
1. a way to avoid exploits.. which is simply unbelievable. ms has gone nuts. this is hilarious. and if they do it, why stop at 4 times? make it go to infinity… uh huh.
2. a way to avoid bugs! hey, we are all kind of annoyed by qa and fixing bugs.. if it’s important enough to show up 4 times, let us know and crash the program, will ya?
3. a complete fluke! some bored reverser will let us know why iis does this, no doubt.
still, let us go to the conspiratorial side for a minute:
this is why iis vulnerabilities are hard to come by these days!! microsoft made sure you will only get an exception after 4 times!
so much for all the fuzzers that have been hammering iis all these years, eh? :p
try the exploit, it’s just one url. enter it 4 times, follow it in a debugger and be amazed!
the original text can be found at: