Thanks Michel. I was able to PUT and DELETE the file sucessfully. However, I guess due to way virtual host is configured, I couldn't actually PUT/DELETE a page into the directory desired. I could access the file created through URL http://1.1.1.1/puttest.html, but no through URK http://www.mywebpage.com/puttest.html.
Any idea if this technique can be further exploited? The server is running IIS5. Thanks. >From: Michel Arboi <[EMAIL PROTECTED]> >To: "LK Lee" <[EMAIL PROTECTED]> >CC: [EMAIL PROTECTED] >Subject: Re: Uploading and delete file through HTTP >Date: 02 Jul 2002 12:41:25 +0200 > >"LK Lee" <[EMAIL PROTECTED]> writes: > > > We could upload the file '/puttest1.html' onto your web server >[snip] > > We could DELETE the file '/puttest1.html'on your web server. >[snip] > > Question: How Nessus tested this? Is it exploiting the webserver > > configuration or application weakness? > >Web server configuration > > > Appreciate if anybody can let me know how to fix up these problems > >Fix the configuration! What server are you using? > > > if possible, tell me how to replay the uploading and deletion. > >$ telnet server 80 >PUT /puttest1.html'on HTTP/1.0 >Content-Length: 10 > >abcdefghij ><RET><RET><CTRL-D> >$ telnet server 80 >DELETE /puttest1.html'on HTTP/1.0 ><RET><RET><CTRL-D> >$ _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
