On Tue, Mar 18, 2003 at 02:38:45PM -0800, Royans Tharakan wrote:
> Did anyone try this out?

Yes. See the comments at the top of the plugin for the tests and
their results.

> Someone said that OWA is not at risk so we are not patching it for webdav.
> I tried using this code (wrote it again in perl) but it doesn't work against any
> SP3 server.

Maybe you did not rewrite it properly - if you're not familiar with
nasl, I'd not be surprised. The trick is simply to send a long argument
to any web-dav related command. Therefore

    SEARCH /AAAAA[...]AAA HTTP/1.1

should work. Be sure to have the "too long buffer" be made of 65535 chars
_exactly_.

                                -- Renaud

--
Renaud Deraison
The Nessus Project
http://www.nessus.org
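For defenders reviewing web server logs for the request shape described in the message above, the following is an added example, not part of the original post and not the Nessus plugin's code. It flags WebDAV request lines whose target is abnormally long; the 2048-character threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# WebDAV methods from RFC 2518, plus SEARCH (the method named in the message).
WEBDAV_METHODS = frozenset({
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "SEARCH",
})

# Assumed alerting threshold; tune it to the longest legitimate URI you serve.
MAX_TARGET_LEN = 2048

# The HTTP version is optional because some loggers truncate long request lines.
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+)(?: (HTTP/\d\.\d))?$")


def inspect_request_line(line):
    """Return a finding dict for an overlong WebDAV request line, else None."""
    m = REQUEST_LINE.match(line.strip())
    if m is None:
        return None
    method, target, version = m.groups()
    if method not in WEBDAV_METHODS or len(target) <= MAX_TARGET_LEN:
        return None
    # A target dominated by one repeated character looks like filler, not a path.
    char, count = Counter(target).most_common(1)[0]
    return {
        "method": method,
        "target_len": len(target),
        "filler_char": char,
        "filler_ratio": round(count / len(target), 3),
        "truncated": version is None,
    }


def scan(lines):
    """Inspect every request line and keep only the findings."""
    return [f for f in map(inspect_request_line, lines) if f is not None]


# Constructed sample request lines (not taken from a real log).
SAMPLE_LINES = [
    "GET /index.html HTTP/1.1",
    "PROPFIND /public/ HTTP/1.1",              # normal WebDAV use
    "GET /" + "B" * 5000 + " HTTP/1.1",        # long, but not a WebDAV method
    "SEARCH /" + "A" * 65535 + " HTTP/1.1",    # the shape described above
    "LOCK /" + "A" * 3000,                     # logger dropped the version
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```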