Hmm. You could probably use GET if you set a Translate: header, which will
force it to WebDAV.

Dave Aitel
Immunity, Inc.
http://www2.immunitysec.com/

----- Original Message -----
From: "Florian Hines" <panth3rat_private>
To: "'Aleksander P. Czarnowski'" <alekcat_private>
Cc: <pen-testat_private>
Sent: Wednesday, March 19, 2003 1:11 PM
Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

> According to the SANS conference yesterday the exploit uses a
> GET command rather than LOCK. Also "The snort-signatures that
> are out now are extremely unreliable at this point" but that
> could have changed since yesterday I suppose.
>
> Florian
>
>
> ##-----Original Message-----
> ##From: Aleksander P. Czarnowski [mailto:alekcat_private]
> ##Sent: Wednesday, March 19, 2003 8:08 AM
> ##To: Nicolas Gregoire; garyo@sec-1.com
> ##Cc: pen-testat_private
> ##Subject: RE: Microsoft Windows 2000 WebDAV Buffer Overflow
> ##Vulnerability
> ##
> ##
> ##> You could give a look to the related Nessus plugin :
> ##> http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl
> ##
> ##First of all - just from quick testing - it seems that the Nessus
> ##plugin doesn't work correctly, at least the one from 18th of March.
> ##Secondly you can use a bit brutal method of using LOCK or any
> ##other WebDAV method with buffer >64kb - it was already
> ##discussed on ntbugtraq and snort-sigs I believe. But this is
> ##still far from a working exploit that gives you reverse shell...
> ##
> ##Best Regards
> ##Aleksander Czarnowski
> ##AVET INS
> ##
> ##----------------------------------------------------------------------------
> ##Did you know that you have VNC running on your network?
> ##Your hacker does. Plug your security holes now!
> ##Download a free 15-day trial of VAM:
> ##http://www2.stillsecure.com/download/sf_vuln_list.html
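
Added example, not part of the thread or of any poster's code: a detection sketch showing why a signature keyed on the LOCK method misses the GET-plus-Translate route mentioned above. The method list, the choice to measure the request head (request line plus headers) against the thread's 64 KB figure, and the sample requests are assumptions constructed for illustration.

```python
# Methods assumed here to be routed to the WebDAV handler (illustrative list).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
OVERSIZE = 64 * 1024  # the ">64kb" figure quoted in the thread


def parse_head(raw: bytes):
    """Return (method, lower-cased header names, head size) for a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("latin-1").upper()
    names = set()
    for line in lines[1:]:
        name, sep, _ = line.partition(b":")
        if sep:
            names.add(name.strip().lower().decode("latin-1"))
    return method, names, len(head)


def lock_only_signature(raw: bytes) -> bool:
    """Stand-in for a rule keyed on one method name (constructed, not a real rule)."""
    method, _, size = parse_head(raw)
    return method == "LOCK" and size > OVERSIZE


def webdav_path_check(raw: bytes) -> bool:
    """Flag an oversized head on any route into WebDAV handling:
    a WebDAV method, or any method carrying a Translate header."""
    method, names, size = parse_head(raw)
    reaches_webdav = method in WEBDAV_METHODS or "translate" in names
    return reaches_webdav and size > OVERSIZE


def sample(method: bytes, target: bytes, extra: bytes = b"") -> bytes:
    """Build a constructed request for offline testing (never sent anywhere)."""
    return (method + b" " + target + b" HTTP/1.1\r\n"
            b"Host: iis.example\r\n" + extra + b"\r\n")


BIG = b"/" + b"A" * 70000  # constructed filler longer than 64 KB
SAMPLES = {
    "lock_big": sample(b"LOCK", BIG),
    "get_translate_big": sample(b"GET", BIG, b"Translate: f\r\n"),
    "propfind_small": sample(b"PROPFIND", b"/docs/"),
    "get_small": sample(b"GET", b"/index.html"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, lock_only_signature(raw), webdav_path_check(raw))
```
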
This archive was generated by hypermail 2b30 : Thu Mar 20 2003 - 05:59:39 PST