Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WebInspect

From: Dave McCormick <mccormic () xecu net>
Date: Thu, 20 Feb 2003 08:53:41 -0500 (EST)

Try the DAV Explorer.

http://www.ics.uci.edu/~webdav/

This is a WEBDAV client app that provides:

Treeview of WEBDAV server
Upload and download of web resources
Display all resource props or lock props

etc... etc...

It's LOADS of fun! ;)


Dave McCormick

"Too close for missles, I'm switching to guns."
-Maverick

On Sun, 19 Jan 2003, Indian Tiger wrote:


Hi,

I was using WebInspect and found Web DAV Support enabled.
It's execution part suggests following to exploit:

Issue the following request to the server:
PROPFIND / HTTP/1.0
Host:
Content-Length: 0
I can't understood, how to use these commands to exploit this vulnerability.
----------------------------------------------------------------------------
IIS was not showing any log after running WebInspect.
I think the directory for this is c:\winnt\system32\logfiles
----------------------------------------------------------------------------

Sincerely,

Balwant Rathore, CISSP


----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core





----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core
Previous By Date Next
Previous By Thread Next

Current thread: