[Owasp-ireland] IIS webDav, Sharepoint, Auth bypass

Eoin eoin.keary at owasp.org
Tue May 19 09:33:06 EDT 2009


The metasploit 3.0 vuln is a buffer overflow. The vuln detailed below is a
simple HTTP request.

Metasploit not needed just notepad and IE/Firefox :)

If anyone has public facing IIS  6.0 webDav (web distributed authoring and
versioning) it may be worthwhile monitoring this as there is no solution for
this issue currently!

-ek
2009/5/19 davidrook <david.rook at realexpayments.com>

> FYI - if you are a metasploit user an incredibly easy to use module is
> available.
>
> Dave
>
> Eoin wrote:
>
>> FYI
>>
>> http://milw0rm.com/exploits/8704
>>
>> Fairly new exploit, works well with sharepoint and very easy to commit.
>> No Patch available yet.
>>
>> Eoin
>>
>>
>>
>>
>>  ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Owasp-ireland mailing list
>> Owasp-ireland at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-ireland
>>
>>
>
> --
> David Rook      Security Analyst
> Realex Payments
> Enabling thousands of businesses to sell online.
> Realex Payments Dublin: Castlecourt, Monkstown Farm, Monkstown, Co Dublin.
> Ireland
> t: +353 (0)1 2808559 | f: +353 (0)1 2808538  | www.realexpayments.com
>
> Realex Payments London: 1 Lyric Square, Hammersmith, London W6 0NB, United
> Kingdom. t: +44 (0)20 3178 5370 | f: +44 (0)20 7691 7264  |
> www.realexpayments.co.uk
>
> Realex Payments Paris: 27 avenue de l'Opéra, 75001 Paris. France. t: +33
> (0)1 70 38 51 37  | f: +33 (0)1 70 38 51 51
> Visit our other Realex Payments websites:
> www.airlinepayments.com
> www.sepa.ie
>
> Pay and Shop Limited, trading as Realex Payments has its registered office
> at Castlecourt, Monkstown Farm, Monkstown, Co. Dublin, Ireland and is
> registered in Ireland, company number 324929.
> This mail and any documents attached are classified as confidential and are
> intended for use by the addressee(s) only unless otherwise indicated. If you
> are not an intended recipient of this email, you must not use, disclose,
> copy, distribute or retain this message or any part of it. If you have
> received this email in error, please notify us immediately and delete all
> copies of this email from your computer system(s).
>
>
>


-- 
Eoin Keary CISSP CISA
https://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference

OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ireland/attachments/20090519/45ae8844/attachment.html 


More information about the Owasp-ireland mailing list