|
Penetration Testing
mailing list archives
Re: WebInspect
From: Dave McCormick <mccormic () xecu net>
Date: Thu, 20 Feb 2003 08:53:41 -0500 (EST)
Try the DAV Explorer.
http://www.ics.uci.edu/~webdav/
This is a WEBDAV client app that provides:
Treeview of WEBDAV server
Upload and download of web resources
Display all resource props or lock props
etc... etc...
It's LOADS of fun! ;)
Dave McCormick
"Too close for missles, I'm switching to guns."
-Maverick
On Sun, 19 Jan 2003, Indian Tiger wrote:
Hi,
I was using WebInspect and found Web DAV Support enabled.
It's execution part suggests following to exploit:
Issue the following request to the server:
PROPFIND / HTTP/1.0
Host:
Content-Length: 0
I can't understood, how to use these commands to exploit this vulnerability.
----------------------------------------------------------------------------
IIS was not showing any log after running WebInspect.
I think the directory for this is c:\winnt\system32\logfiles
----------------------------------------------------------------------------
Sincerely,
Balwant Rathore, CISSP
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core
 By Date 
By Thread
Current thread:
| 
