Home page logo
/

pen-test logo Penetration Testing mailing list archives

uploading files to Apache webserver
From: mel <meling () scan-associates net>
Date: Wed, 17 Oct 2001 15:16:35 +0800

Hi, 

I've found a world writable directory on a website that we're
doing due diligence on, but PUT-ting files to the directory (via a script)
seems to be a problem. The directory contains either index.html, index.php
or index.php3 and when I tried to PUT my own script there, it gets
overwritten by the index file.

e.g:

[root () angel perlsrc]# telnet victim.com 80
Trying a.b.c.d...
Connected to victim.com
Escape character is '^]'.
PUT /writable_directory/1.txt HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 17 Oct 2001 07:09:56 GMT
Server: Apache/1.3.12
Vary: accept
Connection: close
Content-Type: text/html
Expires: Wed, 17 Oct 2001 07:09:56 GMT

<<CONTENTS OF INDEX FILES ARE DUMPED HERE>>

--mel 
meling mudin (meling () scan-associates net)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault