web shell upload - creating a backdoor
passwords and sensitive information theft
local execution of uploaded malicious code
"Copyright 2009, Raviv Raz - firstname.lastname@example.org"
print "WebTuff is a testing utility that verifies"
print "whether your IIS server is vulnerable to"
print "Microsoft IIS 6.0\nWebDAV Remote Authentication Bypass"
print "In a successful breach, WebTuff saves the"
print "remote resource locally under the same name"
print "\nUsage: %s
The following WebTuff utility is a proof of concept that performs the following actions:
1-Try to retrieve the file at the given URI using a simple WebDAV GET command
2-Try to retrieve the file at the given URI using a simple WebDAV GET command, and the assistance of our friends %c0 and %af in the middle of the URI
3-Save the retrieved file locally and / or report server response
Download and More Info