http-iis-webdav-vuln
脚本使用类型:
portrule
脚本所属分类:
vuln, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-iis-webdav-vuln.nse
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020, http://nmap.org/r/ms09-020.
A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an authentication request (401), another attempt is tried with the malicious encoding. If that attempt returns a successful result (207), then the folder is marked as vulnerable.
This script is based on the Metasploit modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb auxiliary module.
For more information on this vulnerability and script, see:
The folder to start in; eg, "/web"
will try "/web/xxx"
.
The filename of an alternate list of folders.
Selects a single folder to use, instead of using a built-in list.
执行格式
nmap --script http-iis-webdav-vuln -p80,8080 <host>
80/tcp open http syn-ack |_ http-iis-webdav-vuln: WebDAV is ENABLED. Vulnerable folders discovered: /secret, /webdav
Author: Ron Bowes and Andrew Orr
License: VER007 整理 http://www.ver007.com