Home page logo

metasploit logo Metasploit mailing list archives

Re: exploits/windows/iis/iis_webdav_upload_asp
From: Vincent den Boer <vincent () shishkabab net>
Date: Fri, 16 Apr 2010 11:10:54 +0200

On Wednesday 14 of April 2010 16:22:47 you wrote:
On Apr 14, 2010, at 6:31 AM, Vincent den Boer wrote:
I'm trying to exploit a server that's probably vulnerable to the
iis_webdav_upload_asp exploit. The problem is that in the call to
Msf::Exploit::Remote::HttpClient::send_request_cgi on line 60 doesn't
return. The loop on line 211 never returns and the resp keeps getting
filled with a '100 continue' message even though that message was only
sent once or twice by the remote server and the server also issued a '201
created' message. Does anyone know what could cause this? This is as far
as my Ruby knowledge goes by the way

To validate the vuln check out using cadaver.
Sometimes even though you have upload privs via webdav, you can't upload
 executable files (by default, eg asp).

No, this wasn't the case. The upload is successful, but the aforementioned loop 
never returns. For now I've done the rest of the process (moving, starting the 
handler, deleting the script) manually and that works, but I think it's still an 
interesting thing to look into.

Kind regards,
Vincent den Boer

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]