WebDAV Exploit Checking Tool

IIS 6 sites with the WebDAV extension enabled may be vulnerable to authentication bypass because of a bug in the way that the extension handles Unicode characters.

Cutting the URI path with random Unicode characters allows hackers to bypass the access control list. Depending on the permissions of the Web server files, a hacker would be able to retrieve user names and passwords, upload, overwrite and delete files, or run malicious code.



FAQs

Got questions about dotDefender? Please visit our knowledgebase for answers or contact Support at support@applicure.com.


Featured Blog Posts

WikiLeaks, the Mega-D botnet and online privacy led the way in cyber-security news this past week.

... read more ...

The Anatomy of a SQL Injection Attack

SQL injections are one of the most dangerous attacks used against web applications. In 2010, ... read more ...

Vendor Lock In or Ignorant Design?

I often hear people say '”I’m not going to use Microsoft stuff because the don’t ... read more ...

Use the WebTuff utility to check your system vulnerability:

  1. Try to retrieve the file at the given URI using a simple WebDAV GET command
  2. Try to retrieve the file at the given URI using a simple WebDAV GET command, cutting the URI with these Hex | Unicode characters: %c0 and %af.
  3. Save the retrieved file locally and / or report server response

Download the Free WebTuff Tool:
WebTuff link (zip file containing win32 binary + Python source code)
WebTuff-MD5 (MD5 hash of WebTuff binary)


Related Articles:

NetMagic Solutions and Applicure Team Up
Applicure Develops Channel in Germany
DedicatedNOW and Applicure Partnership

Applicure Technologies Ltd.

Products

Solutions

Connect with Applicure

Please Wait...