Metasploit mailing list archives
Re: exploits/windows/iis/iis_webdav_upload_asp
From: Vincent den Boer <vincent () shishkabab net>
Date: Fri, 16 Apr 2010 11:10:54 +0200
On Wednesday 14 of April 2010 16:22:47 you wrote:
On Apr 14, 2010, at 6:31 AM, Vincent den Boer wrote:I'm trying to exploit a server that's probably vulnerable to the iis_webdav_upload_asp exploit. The problem is that in the call to Msf::Exploit::Remote::HttpClient::send_request_cgi on line 60 doesn't return. The loop on line 211 never returns and the resp keeps getting filled with a '100 continue' message even though that message was only sent once or twice by the remote server and the server also issued a '201 created' message. Does anyone know what could cause this? This is as far as my Ruby knowledge goes by the wayTo validate the vuln check out using cadaver. Sometimes even though you have upload privs via webdav, you can't upload executable files (by default, eg asp).
No, this wasn't the case. The upload is successful, but the aforementioned loop never returns. For now I've done the rest of the process (moving, starting the handler, deleting the script) manually and that works, but I think it's still an interesting thing to look into. -- Kind regards, Vincent den Boer _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- exploits/windows/iis/iis_webdav_upload_asp Vincent den Boer (Apr 14)
- Message not available
- Re: exploits/windows/iis/iis_webdav_upload_asp Vincent den Boer (Apr 16)
- Message not available