Causes of Vulnerability
The IIS server has WebDAV enabled under Web Service Extensions, and the site is configured with write permission and script resource access permission. Together, these settings allow arbitrary file upload.
Local setup
First, allow WebDAV.
View the IP address with the ipconfig command, and adjust the IP address to the IP address of this machine.
Return and visit the IP.
The main purpose here is to practice writing a POC; of course, you can also use the Guilin veteran directly to verify and write the shell.
POC verification
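import requests

url = "http://IP"  # replace IP with the address of the local test server
r = requests.options(url, timeout=10)
# The OPTIONS response lists the enabled methods in the Public header
result = r.headers.get('Public', '')
methods = [m.strip().upper() for m in result.split(',')]
# str.find() returns -1 (truthy) when the text is absent, so test membership instead
if "PUT" in methods and "MOVE" in methods:
    print("存在IIS PUT漏洞")  # "IIS PUT vulnerability present"
else:
    print("不存在该漏洞")  # "Vulnerability not present"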
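The defender's counterpart to the check above is to look for PUT and MOVE requests that actually succeeded in the IIS logs. The following is an added example, not code from the original page. It assumes W3C extended logging with the c-ip, cs-method, cs-uri-stem and sc-status fields enabled, and the log lines are constructed sample data.

```python
# Constructed IIS W3C extended log sample (not from the original page).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 GET /index.htm 200
2024-01-01 10:00:05 192.0.2.77 OPTIONS / 200
2024-01-01 10:00:09 192.0.2.77 PUT /a.txt 201
2024-01-01 10:00:12 192.0.2.77 MOVE /a.txt 201
2024-01-01 10:01:00 192.0.2.20 PUT /b.txt 403
"""

WRITE_METHODS = {"PUT", "MOVE"}  # the two methods the POC above looks for


def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def webdav_write_hits(text):
    """Return {client_ip: [(method, uri, status), ...]} for PUT/MOVE answered with 2xx."""
    hits = {}
    for row in parse_w3c(text):
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        if method in WRITE_METHODS and status.startswith("2") and status.isdigit():
            event = (method, row.get("cs-uri-stem", ""), int(status))
            hits.setdefault(row.get("c-ip", "?"), []).append(event)
    return hits


def clients_with_put_and_move(text):
    """Clients with both a successful PUT and a successful MOVE: review these first."""
    hits = webdav_write_hits(text)
    return sorted(ip for ip, ev in hits.items()
                  if {m for m, _, _ in ev} == WRITE_METHODS)


if __name__ == "__main__":
    for ip, events in webdav_write_hits(SAMPLE_LOG).items():
        print(ip, events)
    print("PUT+MOVE:", clients_with_put_and_move(SAMPLE_LOG))
```

A PUT answered with 403, as in the last sample line, means write permission is already denied for that path and is not reported.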