Penetration Testing mailing list archives
Re: WebInspect
From: Dave McCormick <mccormic () xecu net>
Date: Thu, 20 Feb 2003 08:53:41 -0500 (EST)
Try the DAV Explorer. http://www.ics.uci.edu/~webdav/ This is a WEBDAV client app that provides: Treeview of WEBDAV server Upload and download of web resources Display all resource props or lock props etc... etc... It's LOADS of fun! ;) Dave McCormick "Too close for missles, I'm switching to guns." -Maverick On Sun, 19 Jan 2003, Indian Tiger wrote:
Hi, I was using WebInspect and found Web DAV Support enabled. It's execution part suggests following to exploit: Issue the following request to the server: PROPFIND / HTTP/1.0 Host: Content-Length: 0 I can't understood, how to use these commands to exploit this vulnerability. ---------------------------------------------------------------------------- IIS was not showing any log after running WebInspect. I think the directory for this is c:\winnt\system32\logfiles ---------------------------------------------------------------------------- Sincerely, Balwant Rathore, CISSP ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. http://www.securityfocus.com/core
Current thread:
- WebInspect Indian Tiger (Feb 19)
- Re: WebInspect Kevin Spett (Feb 19)
- Re: WebInspect David Litchfield (Feb 19)
- Re: WebInspect Dave McCormick (Feb 20)