Penetration Testing mailing list archives
RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability
From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Wed, 19 Mar 2003 15:08:13 +0100
You could give a look to the related Nessus plugin:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl

First of all - just from quick testing - it seems that the Nessus plugin doesn't work correctly, at least the one from the 18th of March. Secondly, you can use a bit brutal method of using LOCK or any other WebDAV method with a buffer >64kb - it was already discussed on ntbugtraq and snort-sigs, I believe. But this is still far from a working exploit that gives you a reverse shell...

Best Regards
Aleksander Czarnowski
AVET INS