Re: WebInspect

From: Dave McCormick (mccormic@xecu.net)
Date: 02/20/03

  • Next message: Roy Keene: "Re: command-line reverse connection tunnel?" 
    Date: Thu, 20 Feb 2003 08:53:41 -0500 (EST)
From: Dave McCormick <mccormic@xecu.net>
To: Indian Tiger <indiantiger@mailandnews.com>

    Try the DAV Explorer.

    http://www.ics.uci.edu/~webdav/

    This is a WEBDAV client app that provides:

    Treeview of WEBDAV server
    Upload and download of web resources
    Display all resource props or lock props

    etc... etc...

    It's LOADS of fun! ;)

    Dave McCormick

    "Too close for missles, I'm switching to guns."
    -Maverick

    On Sun, 19 Jan 2003, Indian Tiger wrote:

    > Hi,
    >
    > I was using WebInspect and found Web DAV Support enabled.
    > It's execution part suggests following to exploit:
    >
    > Issue the following request to the server:
    > PROPFIND / HTTP/1.0
    > Host:
    > Content-Length: 0
    > I can't understood, how to use these commands to exploit this vulnerability.
    > ----------------------------------------------------------------------------
    > IIS was not showing any log after running WebInspect.
    > I think the directory for this is c:\winnt\system32\logfiles
    > ----------------------------------------------------------------------------
    >
    > Sincerely,
    >
    > Balwant Rathore, CISSP
    >
    >
    > ----------------------------------------------------------------------------
    >
    > Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
    > box?
    > CORE IMPACT does.
    > www.securityfocus.com/core
    >
    >

    ----------------------------------------------------------------------------

    Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
    box?
    CORE IMPACT does.
    http://www.securityfocus.com/core