The principle and recurrence of IIS PUT vulnerability

Others 2021-03-22 09:20:19 views: null

Causes of Vulnerability

The IIS server opens WebDAV in the WEB service expansion, configures write permissions and script resource access permissions. Cause arbitrary file upload

Build locally

First, allow webDAV to
Insert picture description here
view the IP command and
Insert picture description here
adjust the IP address to the IP address of this machine as ipconfig.
Insert picture description here
Return to visit the IP Insert picture description here
because here is mainly for training to write POC, of ​​course, you can also directly use the Guilin veteran to verify and write the shell directly

POC verification

POC verification:

import requests

url = "http://IP"

r = requests.options(url)

result = r.headers['Public']
if result.find("PUT") and result.find("MOVE"):
    print("存在IIS PUT漏洞")
else:
    print("不存在该漏洞")

Guess you like

Origin blog.csdn.net/p_utao/article/details/113255513
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com