Penetration Testing mailing list archives

Re: HTTP PUT exploitation


From: "Shawn Ingram" <securityguru () earthlink net>
Date: Sat, 29 Sep 2001 17:16:34 -0400

libwww from w3.org has a nice gui tool for doing this

http://www.w3.org/WinCom/


----- Original Message -----
From: "Tim Russo" <trusso () wireguided com>
To: <pen-test () securityfocus com>
Sent: Friday, September 28, 2001 4:02 PM
Subject: HTTP PUT exploitation


Quick question. I have a client who has a misconfigured IIS server (that's
new) which allows anyone to do HTTP PUT commands and place files on the www
server. Is exploiting this as simple as "putting" something like netcat in
the cgi-bin directory and running it with the port listen options? What if
you cannot place files in the cgi-bin directory? How can I use PUT to get a
shell on this system? I know this is a basic question but this is the first
time I found someone has actually done this.

-Tim


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



