websecurity February 2008 archive

[WEB SECURITY] Using PUT to add file on remote IIS 6.0

From: Hamdan Kasim <terlaklintau_at_nospam>
Date: Sat Feb 23 2008 - 03:58:09 GMT
To: websecurity@webappsec.org


Hi. I am trying to do a pen test on my friend's web server. I did the OPTIONS * HTTP/1.0 and got the reply back. The server allows PUT, DELETE, etc.

So I'm trying to add a file remotely using this command

PUT /test.html HTTP/1.1
Host : target_hostname
Content-Length : 10
Content-Type: text/html

When I hit Enter several times, I got the 403 forbidden request. I know this happens because the directory is not writable for me.

The questions are:
1. How do I properly test whether the directory is writable or not?

2. How do I properly issue the PUT command? I've used several tools like http://www.webdav.org/cadaver/ on Fedora and winie.

3. Is it possible to add a file remotely using this PUT method?

Thanks..        


