WebApp Sec mailing list archives
WebDav Questions
From: <webappsecquestions () hushmail com>
Date: Sun, 7 Sep 2003 16:22:55 -0700
I wonder if anyone can help me with a explanation of WebDav security ? Am I right in saying that despite underlying file permissions, if WebDav is enabled an attacker just needs to guess a username and password using regular HTTP authentication to execute the method ? ie if delete is enabled, do I just have to guess the username and password to delete the index page. Can WebDav permissions / methods be set up on a per file basis or a per server basis? What does the connect method allow ? Any good papers about WebDav security ? Any good tools for exploiting WebDav (exploiting the HTTP methods etc, not the implementations) Thanks Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Current thread:
- WebDav Questions webappsecquestions (Sep 07)