Re: WebInspect

From: David Litchfield (david@ngssoftware.com)
Date: 02/20/03

Next message: Ali-Reza Anghaie: "Re: NetMeeting and H.323"

Previous message: Kevin Spett: "Re: WebInspect"
In reply to: Indian Tiger: "WebInspect"
Next in thread: Dave McCormick: "Re: WebInspect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "David Litchfield" <david@ngssoftware.com>
To: "Indian Tiger" <indiantiger@mailandnews.com>, <pen-test@securityfocus.com>
Date: Wed, 19 Feb 2003 23:15:16 -0800

On IIS PROPFIND will only be of use if 1) Directory listings are enabled and
2) a default page exists - e.g. default.asp

If you request the directory with a GET request - e.g.
GET /foo HTTP/1.0
you'll get the default.asp page and not a directory listing - even though
listings are allowed. So to get the directory listing you can fall back on
PROPFIND. But the catch here is that directory listings are disabled by
default.

You can always try the SEARCH request method on IIS. Problem is the Index
Server service needs to be started. It is not by default - it's set to
'mamual'.

HTH,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/

----- Original Message -----
From: "Indian Tiger" <indiantiger@mailandnews.com>
To: <pen-test@securityfocus.com>
Sent: Sunday, January 19, 2003 7:38 AM
Subject: WebInspect

> Hi,
>
> I was using WebInspect and found Web DAV Support enabled.
> It's execution part suggests following to exploit:
>
> Issue the following request to the server:
> PROPFIND / HTTP/1.0
> Host:
> Content-Length: 0
> I can't understood, how to use these commands to exploit this
vulnerability.
> --------------------------------------------------------------------------

--
> IIS was not showing any log after running WebInspect.
> I think the directory for this is c:\winnt\system32\logfiles
> --------------------------------------------------------------------------
--
>
> Sincerely,
>
> Balwant Rathore, CISSP
>
>
> --------------------------------------------------------------------------
--
>
> Do you know the base address of the Global Offset Table (GOT) on a Solaris
8
> box?
> CORE IMPACT does.
> www.securityfocus.com/core
>
>
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core

Next message: Ali-Reza Anghaie: "Re: NetMeeting and H.323"
Previous message: Kevin Spett: "Re: WebInspect"
In reply to: Indian Tiger: "WebInspect"
Next in thread: Dave McCormick: "Re: WebInspect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]