Penetration Testing mailing list archives

uploading files to Apache webserver


From: mel <meling () scan-associates net>
Date: Wed, 17 Oct 2001 15:16:35 +0800

Hi, 

I've found a world-writable directory on a website that we're
doing due diligence on, but PUT-ting files to the directory (via a script)
seems to be a problem. The directory contains either index.html, index.php
or index.php3 and when I tried to PUT my own script there, it gets
overwritten by the index file.

e.g.:

[root@angel perlsrc]# telnet victim.com 80
Trying a.b.c.d...
Connected to victim.com
Escape character is '^]'.
PUT /writable_directory/1.txt HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 17 Oct 2001 07:09:56 GMT
Server: Apache/1.3.12
Vary: accept
Connection: close
Content-Type: text/html
Expires: Wed, 17 Oct 2001 07:09:56 GMT

<<CONTENTS OF INDEX FILES ARE DUMPED HERE>>

--mel 
meling mudin (meling () scan-associates net)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

