Penetration Testing mailing list archives
uploading files to Apache webserver
From: mel <meling () scan-associates net>
Date: Wed, 17 Oct 2001 15:16:35 +0800
Hi, I've found a world writable directory on a website that we're doing due diligence on, but PUT-ting files to the directory (via a script) seems to be a problem. The directory contains either index.html, index.php or index.php3 and when I tried to PUT my own script there, it gets overwritten by the index file. e.g: [root@angel perlsrc]# telnet victim.com 80 Trying a.b.c.d... Connected to victim.com Escape character is '^]'. PUT /writable_directory/1.txt HTTP/1.0 HTTP/1.1 200 OK Date: Wed, 17 Oct 2001 07:09:56 GMT Server: Apache/1.3.12 Vary: accept Connection: close Content-Type: text/html Expires: Wed, 17 Oct 2001 07:09:56 GMT <<CONTENTS OF INDEX FILES ARE DUMPED HERE>> --mel meling mudin (meling () scan-associates net) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- uploading files to Apache webserver mel (Oct 17)
- <Possible follow-ups>
- Re: uploading files to Apache webserver dzzie (Oct 17)
- Re: uploading files to Apache webserver mel (Oct 18)