[Dshield] New http exploit?

Lopez Morales Juan lopez_morales at yahoo.com
Tue Oct 25 00:56:47 GMT 2005


The exploit it this 
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030467.html

This only work with Windows...

I think :p 


--- Ed Truitt <ed.truitt at etee2k.net> wrote:

> Looks like a WebDAV exploit to me.  Guess some one
> is looking for writable websites.
> 
> -EdTr
> -----Original Message-----
> From: M Cook <dshieldlists at versateam.com>
> Date: Mon, 24 Oct 2005 08:06:30 
> To:list at lists.dshield.org
> Subject: [Dshield] New http exploit?
> 
> I think this is the first time I've seen this (on
> our web server). Is it 
> new?
> 
> Client address: 85.98.164.95
> Request: PUT /ownz.htm
> Referer: -
> Cookie: -
> Status code: Forbidden (403)
> Received: 231 bytes
> Sent: 4118 bytes
> Time taken: 547
> Time: 10/23/2005 3:24:37 PM EDT
> User agent:
>
Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1
> 
> Other clients doing this are 81.214.177.72 and
> 85.98.81.65.
> 
> Another similar is
> 
> Client address: 85.98.164.116
> Request: PUT /own3d.htm
> Referer: -
> Cookie: -
> Status code: Forbidden (403)
> Received: 236 bytes
> Sent: 4118 bytes
> Time taken: 1891
> Time: 10/19/2005 5:42:44 AM EDT
> User agent:
>
Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.1
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or
> unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> Cheers,
> -E D Truitt
> 
> Sent via my BlackBerry from Cingular Wireless
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or
> unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 


-------------------------------------------
blog http://spaces.msn.com/members/lmjuan/


		
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com


More information about the list mailing list