From: Vincent den Boer <vincent () shishkabab net>
Date: Fri, 16 Apr 2010 11:10:54 +0200
On Wednesday 14 of April 2010 16:22:47 you wrote:
> On Apr 14, 2010, at 6:31 AM, Vincent den Boer wrote:
> > I'm trying to exploit a server that's probably vulnerable to the
> > iis_webdav_upload_asp exploit. The problem is that the call to
> > Msf::Exploit::Remote::HttpClient::send_request_cgi on line 60 doesn't
> > return. The loop on line 211 never returns and the resp keeps getting
> > filled with a '100 continue' message even though that message was only
> > sent once or twice by the remote server and the server also issued a '201
> > created' message. Does anyone know what could cause this? This is as far
> > as my Ruby knowledge goes, by the way.
>
> To validate the vuln, check out using cadaver.
> Sometimes even though you have upload privs via webdav, you can't upload
> executable files (by default, e.g. asp).

No, this wasn't the case. The upload is successful, but the aforementioned loop
never returns. For now I've done the rest of the process (moving, starting the
handler, deleting the script) manually and that works, but I think it's still an
interesting thing to look into.
Vincent den Boer