Hi, I've found a world writable directory on a website that we're doing due diligence on, but PUT-ting files to the directory (via a script) seems to be a problem. The directory contains either index.html, index.php or index.php3 and when I tried to PUT my own script there, it gets overwritten by the index file. e.g: [root@angel perlsrc]# telnet victim.com 80 Trying a.b.c.d... Connected to victim.com Escape character is '^]'. PUT /writable_directory/1.txt HTTP/1.0 HTTP/1.1 200 OK Date: Wed, 17 Oct 2001 07:09:56 GMT Server: Apache/1.3.12 Vary: accept Connection: close Content-Type: text/html Expires: Wed, 17 Oct 2001 07:09:56 GMT <<CONTENTS OF INDEX FILES ARE DUMPED HERE>> --mel meling mudin (meling@scan-associates.net) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 11:38:29 PDT