WebTuff - IIS 6.0 WebDAV Authentication Bypass PoC
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
- web shell upload - creating a backdoor
- website defacement
- passwords and sensitive information theft
- local execution of uploaded malicious code
from sys import argv  # argv[0] (the script name) is used in the usage text

"Copyright 2009, Raviv Raz - ravivr@gmail.com"
print("WebTuff is a testing utility that verifies")
print("whether your IIS server is vulnerable to")
print("Microsoft IIS 6.0\nWebDAV Remote Authentication Bypass")
print("In a successful breach, WebTuff saves the")
print("remote resource locally under the same name")
print("\nUsage: %s \nFor example: %s http://www.victim.com/path/to/file.txt" % (argv[0], argv[0]))
The following WebTuff utility is a proof of concept that performs the following actions:
1. Try to retrieve the file at the given URI using a simple WebDAV GET command
2. Try to retrieve the file at the given URI using a simple WebDAV GET command, and the assistance of our friends %c0 and %af in the middle of the URI
3. Save the retrieved file locally and/or report server response
andry- Moderator
- Posts : 467
Join date : 2010-05-07
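A defender-side check for the request pattern in step 2, added here as an example and not part of the original post or of WebTuff: it percent-decodes each logged request path and flags overlong two-byte UTF-8 sequences such as %c0%af (which decodes to "/"), generalised to any sequence led by byte 0xC0 or 0xC1. The "METHOD PATH STATUS" log layout, the function names and the sample lines are constructed assumptions.

```python
from urllib.parse import unquote_to_bytes


def overlong_hits(raw_path):
    """Return (byte_offset, hidden_char) for each overlong 2-byte UTF-8 sequence."""
    data = unquote_to_bytes(raw_path)
    hits = []
    for i in range(len(data) - 1):
        lead, cont = data[i], data[i + 1]
        # 0xC0 and 0xC1 can only begin an overlong encoding of an ASCII
        # character, so well-formed UTF-8 never contains them.
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            hidden = chr(((lead & 0x1F) << 6) | (cont & 0x3F))
            hits.append((i, hidden))
    return hits


def flag_requests(log_lines):
    """Return (method, path, status, hits) for every line with an overlong sequence."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # not in the assumed "METHOD PATH STATUS" layout
        method, path, status = parts[0], parts[1], parts[2]
        hits = overlong_hits(path)
        if hits:
            flagged.append((method, path, status, hits))
    return flagged


# Constructed sample lines (assumed layout, not real server output).
SAMPLE_LOG = [
    "GET /path/to/file.txt 401",
    "GET /pa%c0%afth/to/file.txt 200",
    "GET /docs/caf%C3%A9.txt 200",  # legitimate two-byte UTF-8, must not be flagged
]

if __name__ == "__main__":
    for method, path, status, hits in flag_requests(SAMPLE_LOG):
        print(method, path, status, hits)
```

A flagged request that returned a 2xx status for a path that otherwise answers 401 is the case worth investigating first.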