libwww from w3.org has a nice gui tool for doing this http://www.w3.org/WinCom/ ----- Original Message ----- From: "Tim Russo" <trussoat_private> To: <pen-testat_private> Sent: Friday, September 28, 2001 4:02 PM Subject: HTTP PUT exploitation > Quick question. I have a client who has a misconfigured IIS server (that's > new) which allows anyone to do HTTP PUT commands and place files on the www > server. Is exploiting this as simple as "putting" something like netcat in > the cgi-bin directory and running it with the port listen options? What if > you cannot place files in the cgi-bin directory? How can I use PUT to get a > shell on this system? I know this is a basic question but this is the first > time I found someone has actually done this. > > -Tim > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 13:08:45 PDT