Re: WebInspect

From: Dave McCormick (mccormic@xecu.net)
Date: Thu Feb 20 2003 - 08:53:41 EST


Try the DAV Explorer.

http://www.ics.uci.edu/~webdav/

This is a WEBDAV client app that provides:

Treeview of WEBDAV server
Upload and download of web resources
Display all resource props or lock props

etc... etc...

It's LOADS of fun! ;)

Dave McCormick

"Too close for missles, I'm switching to guns."
-Maverick

On Sun, 19 Jan 2003, Indian Tiger wrote:

> Hi,
>
> I was using WebInspect and found Web DAV Support enabled.
> It's execution part suggests following to exploit:
>
> Issue the following request to the server:
> PROPFIND / HTTP/1.0
> Host:
> Content-Length: 0
> I can't understood, how to use these commands to exploit this vulnerability.
> ----------------------------------------------------------------------------
> IIS was not showing any log after running WebInspect.
> I think the directory for this is c:\winnt\system32\logfiles
> ----------------------------------------------------------------------------
>
> Sincerely,
>
> Balwant Rathore, CISSP
>
>
> ----------------------------------------------------------------------------
>
> Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
> box?
> CORE IMPACT does.
> www.securityfocus.com/core
>
>

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:29 EDT