Nmap Development mailing list archives
General Webdav NSE script and the new IIS6 vulnerability
From: Fyodor <fyodor () insecure org>
Date: Tue, 19 May 2009 12:38:40 -0700
Hi All. I noticed a thread on the security-basics list where someone was asking about an NSE script to detect the new IIS authentication bypass vulnerability: The vuln: http://seclists.org/fulldisclosure/2009/May/att-0134/IIS_Advisory_pdf More vuln details: http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html Webdav+Nmap security-basics thread: http://seclists.org/basics/2009/May/0160.html I was just starting to recognize that we should really write a script for detecting this when Ron IM'd me to say he was doing just that :). He's working furiously on it at the moment and we can expect an announcement from him today! Yay! But that security-basics thread also highlighted an old, more general Webdav script from Kris which some people were using to help find potentially vulnerable systems (those with IIS6+WebDAV enabled): http://ack-rst.com/scripts/webdav.nse So my questions are: 1) What is the status of this script? Is it ready to be cleaned up and integrated? I suppose it would need NSEDoc comments, but is there anything else missing or restructuring needed? Maybe Kris can let us know his thoughts on this. 2) Do people want this script in Nmap? Anyone want to test it out and report back to nmap-dev how it worked for you, whether it would be useful for you going forward, and any suggestions you might have for improving it? Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- General Webdav NSE script and the new IIS6 vulnerability Fyodor (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Kris Katterjohn (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Gutek (May 20)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)