Re: exploits/windows/iis/iis_webdav_upload_asp

[Vincent den Boer <vincent () shishkabab net>]

On Wednesday 14 of April 2010 16:22:47 you wrote:
> On Apr 14, 2010, at 6:31 AM, Vincent den Boer wrote:
> > I'm trying to exploit a server that's probably vulnerable to the
> > iis_webdav_upload_asp exploit. The problem is that in the call to
> > Msf::Exploit::Remote::HttpClient::send_request_cgi on line 60 doesn't
> > return. The loop on line 211 never returns and the resp keeps getting
> > filled with a '100 continue' message even though that message was only
> > sent once or twice by the remote server and the server also issued a '201
> > created' message. Does anyone know what could cause this? This is as far
> > as my Ruby knowledge goes by the way
>
> To validate the vuln check out using cadaver.
> Sometimes even though you have upload privs via webdav, you can't upload
>  executable files (by default, eg asp).

No, this wasn't the case. The upload is successful, but the aforementioned loop 
never returns. For now I've done the rest of the process (moving, starting the 
handler, deleting the script) manually and that works, but I think it's still an 
interesting thing to look into.

-- 
Kind regards,
Vincent den Boer
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework