"The WebDAV vulnerability, which was discovered by security researchers at Palo Alto Networks, is due to the lack of proper checks on the URL in a WebDAV request, leading to a bypass on IIS directories. Microsoft IIS versions 5.0-6.0 are affected. The update is rated important. If successfully exploited, it could give an attacker elevated privileges to gain access to sensitive data."
"Microsoft patched a WebDAV security vulnerability in Microsoft Internet Information Services (IIS) Web server as part of its monthly Patch Tuesday bulletin release. In all, the software giant issued 10 bulletins, six labeled critical in a mammoth release of security fixes addressing 31 vulnerabilities."
Admins are pissed not just at repeat posts, but also dealing with logs from newbies scanning for the WebDAV vuln.
"If you would like to detect vulnerable endpoints in your network, you can do so with the help of these posts – using a PERL script and using WebTuff. Now, we also learnt of a method with which you can scan your network for the WebDAV vulnerability. Thanks to SkullSecurity.
Please follow these steps before you actually start scanning:
Find the script http.lua. It’ll be in a folder called ‘nselib’; for example, /usr/local/share/nmap/nselib/http.lua. Replace it with this version.
In that folder (nselib), there’s a directory called ‘data’. Put folders.lst in it.
Go up one directory, and there should be a directory called ‘scripts’; for example, /usr/local/share/nmap/scripts. Put http-iis-webdav-vuln.nse in it.
Then you can run nmap with these commands:
nmap -sV --script=http-iis-webdav-vuln <target>
If you want quicker results, run this command:
nmap -p80,8080 --script=http-iis-webdav-vuln <target>
If you want to scan for password protected servers, you can run this command:
nmap -p80,8080 --script=http-iis-webdav-vuln --script-args=webdavfolder=secret <target>
According to the author, this script relies on finding a password-protected folder, so it won’t be 100% accurate. If you provide a folder name yourself using the webdavfolder argument, you’re going to have a lot more luck. Once it has the name of a real password-protected folder, it’s 100% reliable.
The trick is finding one."
Start here:
http://pentestit.com/2009/05/27/detect- ... lity-nmap/
then here:
Source:
http://www.skullsecurity.org/blog/?p=271
then
http://searchsecurity.techtarget.com/ne ... 96,00.html
DNR
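
For the admin-side problem mentioned in this post (logs filling up with WebDAV scans), here is an added example, not taken from the quoted articles or from the nmap script's author: a Python pass over IIS W3C logs that flags clients which guessed several folders and also sent WebDAV methods. The field list, the sample lines, the function names and the `min_probes` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# WebDAV methods from RFC 4918; ordinary browsing never sends these.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-06-10 10:00:01 192.0.2.10 GET /index.htm 200
2009-06-10 10:00:05 192.0.2.10 PROPFIND /docs/ 207
2009-06-10 10:00:09 192.0.2.10 GET /missing.gif 404
2009-06-10 10:02:11 198.51.100.7 GET /admin/ 404
2009-06-10 10:02:11 198.51.100.7 GET /backup/ 404
2009-06-10 10:02:12 198.51.100.7 GET /private/ 404
2009-06-10 10:02:12 198.51.100.7 GET /secret/ 401
2009-06-10 10:02:13 198.51.100.7 PROPFIND /secret/ 207
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the latest #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or foreign lines
                yield dict(zip(fields, values))

def find_webdav_sweeps(text, min_probes=4):
    """Return findings per client IP that guessed folders and used WebDAV."""
    probes = defaultdict(set)   # ip -> distinct paths answered 401/404
    dav_ok = defaultdict(set)   # ip -> paths where a WebDAV method got 207
    dav_ips = set()             # clients that sent any WebDAV method
    for e in parse_w3c(text):
        ip, path = e.get("c-ip"), e.get("cs-uri-stem", "").lower()
        method, status = e.get("cs-method", "").upper(), e.get("sc-status")
        if ip is None:
            continue
        if status in ("401", "404"):
            probes[ip].add(path)
        if method in WEBDAV_METHODS:
            dav_ips.add(ip)
            if status == "207":  # Multi-Status: the server answered the request
                dav_ok[ip].add(path)
    # min_probes is an assumed threshold; tune it against your own traffic.
    return {ip: {"probed": len(probes[ip]), "multistatus": sorted(dav_ok[ip])}
            for ip in dav_ips if len(probes[ip]) >= min_probes}
```

A 207 listed under `multistatus` for a folder that answered 401 to the same client is the entry to review first.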