[Owasp-ireland] IIS webDav, Sharepoint, Auth bypass

davidrook david.rook at realexpayments.com
Tue May 19 09:42:22 EDT 2009


Now I can see where I got confused: that module is a scanner, but if it 
comes across a system with authentication it uses the exploit that Eoin 
linked to - need to defrag my brain!

Dave

davidrook wrote:
> Sorry, I was thinking of this: 
> http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb?rev=6562
>
> That's just a scanner to see if you are vulnerable, might be useful for 
> people to use anyway.
>
> Eoin wrote:
>> The metasploit 3.0 vuln is a buffer overflow. The vuln detailed below is a
>> simple HTTP request.
>>
>> Metasploit not needed just notepad and IE/Firefox :)
>>
>> If anyone has public facing IIS 6.0 webDav (web distributed authoring and
>> versioning) it may be worthwhile monitoring this as there is no solution for
>> this issue currently!
>>
>> -ek
>> 2009/5/19 davidrook <david.rook at realexpayments.com>
>>
>>> FYI - if you are a metasploit user an incredibly easy to use module is
>>> available.
>>>
>>> Dave
>>>
>>> Eoin wrote:
>>>
>>>> FYI
>>>>
>>>> http://milw0rm.com/exploits/8704
>>>>
>>>> Fairly new exploit, works well with sharepoint and very easy to commit.
>>>> No Patch available yet.
>>>>
>>>> Eoin

-- 
David Rook      
Security Analyst
Realex Payments