WebInspect

From: Indian Tiger (indiantiger@mailandnews.com)
Date: Sun Jan 19 2003 - 10:38:25 EST

• Next message: Jeremy Junginger: "NetMeeting and H.323"
• Previous message: Maarten: "php and netcat?"
• Next in thread: Kevin Spett: "Re: WebInspect"
• Reply: Kevin Spett: "Re: WebInspect"
• Reply: David Litchfield: "Re: WebInspect"
• Reply: Dave McCormick: "Re: WebInspect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I was using WebInspect and found Web DAV Support enabled.
It's execution part suggests following to exploit:

Issue the following request to the server:
PROPFIND / HTTP/1.0
Host:
Content-Length: 0
I can't understood, how to use these commands to exploit this vulnerability.
----------------------------------------------------------------------------
IIS was not showing any log after running WebInspect.
I think the directory for this is c:\winnt\system32\logfiles
----------------------------------------------------------------------------

Sincerely,

Balwant Rathore, CISSP

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core

• Next message: Jeremy Junginger: "NetMeeting and H.323"
• Previous message: Maarten: "php and netcat?"
• Next in thread: Kevin Spett: "Re: WebInspect"
• Reply: Kevin Spett: "Re: WebInspect"
• Reply: David Litchfield: "Re: WebInspect"
• Reply: Dave McCormick: "Re: WebInspect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT