mailing list archives
Re: Scanning for WebDAV vulns
From: Ron <ron () skullsecurity net>
Date: Wed, 20 May 2009 18:17:31 -0500
Thierry Zoller wrote:
Thanks, you might want to have an option to check for write access,
on some strange setups this might actually happen.
There's no easy way, that I know of, to check for Write access. That
being said, there's a pretty good chance that if you exploit the
install, you'll have write access anyways -- I'm assuming people
generally give r/w access to Administrator (or whoever) -- what's the
point of running WebDAV if you don't?.
On a related note, my friend and I wrote an exploit for it. Basically,
take the patch we wrote and apply it to the latest version of Cadaver.
Then connect to the vulnerable site with Cadaver and navigate like you
normally would. It's great fun :)
He did an amazing and detailed writeup of the vulnerability and the
exploit and everything else here:
It includes how to detect WebDAV, how to exploit Windows XP/2003, and
the actual code for the exploit.
Have fun, and be responsible :)
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org