Bugtraq mailing list archives

Simple WebDAV method validator (PERL code)


From: SensePost Research <research () sensepost com>
Date: Tue, 18 Mar 2003 00:29:08 +0200 (SAST)

A quick 10 minute job...

head -n 9 finder.pl
#!/bin/perl
##
## This script tests for most of the methods used by WebDAV
## If the server does not complain about the method, it's an indication
## that WebDAV is in use..
##
## Please see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
## for info why this is interesting..
##

Typical output:

perl finder.pl www.blah.co.za 80
Testing WebDAV methods [www.blah.co.za 80]
-------------------------------------
www.blah.co.za : Server type is Microsoft-IIS/5.0
Method PROPFIND seems to be allowed - WebDAV possibly in use
Method PROPPATCH seems to be allowed - WebDAV possibly in use
Method MCOL seems to be allowed - WebDAV possibly in use
Method PUT seems to be allowed - WebDAV possibly in use
Method DELETE seems to be allowed - WebDAV possibly in use
Method LOCK seems to be allowed - WebDAV possibly in use
Method UNLOCK seems to be allowed - WebDAV possibly in use

perl finder.pl  www.moreblah.com 80
Testing WebDAV methods [www.moreblah.com 80]
-------------------------------------
www.moreblah.com : Server type is Microsoft-IIS/5.0
Method PROPFIND is not allowed
Method PROPPATCH is not allowed
Method MCOL is not allowed
Method PUT is not allowed
Method DELETE is not allowed
Method LOCK is not allowed
Method UNLOCK is not allowed



Enjoy/Butcher/Modify as you see fit.

----------------------------
SensePost Research
www.sensepost.com
research () sensepost com
----------------------------

Disclaimer:

This information is believed to be correct and accurate at the time of
publishing. No warranty or any guarantee is given, directly, or implied as
to its accuracy or completeness.  In no event shall the author or
SensePost be liable for any damages resulting from the use or abuse of
this information. The information contained in this correspondence may be
redistributed, provided it is not modified in any way or charged for.

Attachment: finder.pl
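
Added example, not part of the original post and not the code of finder.pl: a Python sketch of how responses to the methods listed above can be interpreted when auditing your own server. It assumes only HTTP 405 and 501 mean the server rejected the method itself, and it also reads the DAV and Allow headers of an OPTIONS response; the function names and sample responses are constructed for illustration.

```python
import re

# Methods from the post's output; MKCOL is the RFC 2518 name (the output prints "MCOL").
WEBDAV_METHODS = ["PROPFIND", "PROPPATCH", "MKCOL", "PUT", "DELETE", "LOCK", "UNLOCK"]
# Assumption: only these statuses mean the server rejected the method itself.
METHOD_REJECTED = {405, 501}

def parse_head(raw):
    """Split a raw HTTP/1.x response into (status code, lower-cased header dict)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})\b", lines[0])
    if not m:
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def audit(responses):
    """responses maps method name -> raw response bytes captured from your own server."""
    report = {"server": None, "dav_header": False, "advertised": set(), "methods": {}}
    for method, raw in responses.items():
        status, headers = parse_head(raw)
        report["server"] = report["server"] or headers.get("server")
        if method == "OPTIONS":
            # A DAV header or WebDAV verbs in Allow are stronger evidence than status codes.
            report["dav_header"] = "dav" in headers
            allow = {v.strip().upper() for v in headers.get("allow", "").split(",")}
            report["advertised"] = allow & set(WEBDAV_METHODS)
        elif method in WEBDAV_METHODS:
            # 401/403 land here too: the method was recognized, the request was refused.
            verdict = "not allowed" if status in METHOD_REJECTED else "seems to be allowed"
            report["methods"][method] = (status, verdict)
    return report

# Constructed sample responses (not captured from any real host).
SAMPLE = {
    "OPTIONS": b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nDAV: 1, 2\r\n"
               b"Allow: OPTIONS, GET, PROPFIND, LOCK\r\n\r\n",
    "PROPFIND": b"HTTP/1.1 207 Multi-Status\r\nServer: Microsoft-IIS/5.0\r\n\r\n<xml/>",
    "LOCK": b"HTTP/1.1 403 Forbidden\r\nServer: Microsoft-IIS/5.0\r\n\r\n",
    "PUT": b"HTTP/1.1 501 Not Implemented\r\nServer: Microsoft-IIS/5.0\r\n\r\n",
    "MKCOL": b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n",
}

if __name__ == "__main__":
    for name, (status, verdict) in audit(SAMPLE)["methods"].items():
        print("Method %s %s (HTTP %d)" % (name, verdict, status))
```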