68 matches found
dav
This plugin finds WebDAV configuration errors. These errors are generally server configuration errors rather than a web application errors. To check for vulnerabilities of this kind, the plugin will try to PUT a file on a directory that has WebDAV enabled, if the file is uploaded successfully, th...
Uniscan 4.0 vulnerability scanner Released
Uniscan 4.0 vulnerability scanner Released The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 GPL 3. The Uniscan was developed using the Perl programming language to be...
Uniscan 4.0 vulnerability scanner Released
Uniscan 4.0 vulnerability scanner Released The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 GPL 3. The Uniscan was developed using the Perl programming language to be...
MS IIS 6.0 WebDAV Auth. Bypass Exploit
Exploit for windows platform in category remote exploits ====================================== MS IIS 6.0 WebDAV Auth. Bypass Exploit ====================================== Author : FoX HaCkEr Contact : email protected SiTe : www.sec4ever.com...
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)
!/usr/bin/perl -W Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit written by ka0x Advisory: http://www.milw0rm.com/exploits/8765 Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others! use IO::Socket ; my $host, $path = @ARGV ; my $port = 80 ; webserver...
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
!/usr/bin/env perl Wordpress 2.2 and Wordpress MU Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-advisory.html use Digest::MD5 qwmd5hex; use LWP::UserAgent; my $ua = new LWP::UserAgent; my $blog = $ARGV0; my $user = $ARGV1; my $pass = $ARGV2; my...
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on autisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "this works if "phpicalendarpublishing" is set to 1 in config.inc.php\r\n\r\n"; short explaination: phpICal lets users upload/delete files in WebDAV style through PUT / DELETE method;...
Web Server HTTP Dangerous Method Detection
The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server. The DELETE method allows an attacker to delete arbitrary content fr...