Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: uploading files to Apache webserver
From: dzzie () yahoo com
Date: Wed, 17 Oct 2001 14:57:10 -0500



have you tested the PUT script so it is known working ?

when i do a http PUT to my IIS server i get back 2 seperate headers if it works


PUT /dir/mum.txt HTTP/1.1
Content-Length: 1854
Host: www.bad-things.com

[File Content]


HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Mon, 24 Sep 2001 13:41:11 GMT

HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Mon, 24 Sep 2001 13:41:15 GMT
Location: http://www.bad-things.com/dir/mum.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK


if the PUT fails then i get these two headers

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Mon, 24 Sep 2001 13:43:30 GMT

HTTP/1.1 403 Forbidden
Server: Microsoft-IIS/5.0
Date: Mon, 24 Sep 2001 13:43:30 GMT
Connection: close
Content-Type: text/html
Content-Length: 3193

[html error page generated by IIS]


the first header just means that the method is implemented or not...if i 
try a PUT on my Apache server I get

HTTP/1.1 405 Method Not Allowed
Date: Mon, 15 Oct 2001 23:41:33 GMT
Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1 mod_ssl/2.8.2 OpenSSL/0.9.6
Allow: GET, HEAD, OPTIONS, TRACE
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

[html error msg generated by server]



it might be that the server has the PUT method implemented but its not 
actually a writable directory or mabey the PUT script has a bug ?

if you have a MS platform about you can try my PUT program it will spit out
all teh headers it receives after the attempt..mabey it will show some 
more info...

http://geocities.com/dzzie/

its in the VB6 -> Internet section



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]