Hi, I was using WebInspect and found Web DAV Support enabled. It's execution part suggests following to exploit:
Issue the following request to the server: PROPFIND / HTTP/1.0 Host: Content-Length: 0 I can't understood, how to use these commands to exploit this vulnerability. ---------------------------------------------------------------------------- IIS was not showing any log after running WebInspect. I think the directory for this is c:\winnt\system32\logfiles ---------------------------------------------------------------------------- Sincerely, Balwant Rathore, CISSP ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
