IIS 5.0 problem with "backup" files in executable directories....how to enumerate them?
From: fr0stman (fr0stman@sun-tzu-security.net)
Date: 03/16/03
- Previous message: Steven Gill: "RE: command-line reverse connection tunnel?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: fr0stman <fr0stman@sun-tzu-security.net> To: pen-test@securityfocus.com Date: Sun, 16 Mar 2003 13:19:10 -0500
Ok I have a scanner utility that is enumerating backup copies of files that
are present:
i.e. http://www.blah.com/index.html
If there's an index.old or index.html.old the script will find these with
subsequent GET requests for the "backup" files.
Where I'm running into a problem is with IIS 5.0 (Apache doesn't do this).
i.e. http://www.blah.com/scripts/login.asp
When I make a POST request to /scripts/login.old, etc I get a 405 method not
allowed. The error in the returned header states only methods OPTIONS and
TRACE are allowed which I'm assuming are the default methods allowed for a
file extension that hasn't previously been setup in the IIS directory
configuration. GET requests of course return 403 access denied errors. TRACE
returns 200 OK for any request and OPTIONS of course returns the allowed HTTP
methods.
Has anyone else overcome this error or have a reliable method of determining
"backup" copies of files are present in executable directories? Thanks in
advance.
-- -- fr0stman -- ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
- Previous message: Steven Gill: "RE: command-line reverse connection tunnel?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
