|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 86
Members: 0
Total: 86
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Target supports http trace method,how can i upload shell? |
|
Posted: Thu Nov 11, 2010 11:08 am |
|
|
manoj9372 |
Regular user |
|
|
Joined: Aug 13, 2010 |
Posts: 16 |
|
|
|
|
|
|
|
As the title says i have been scanning my target for vulnerabilities And i have been found that the target is enabled or supporting the http trace method,
How i can exploit this to upload a shell on my target?
is it possible?
Also target is running windows 2003 o/s with
"Apache httpd 2.2.11 ((Win32) PHP/5.3.0)"
hope i will get some advice... |
|
|
|
|
Posted: Thu Nov 11, 2010 8:49 pm |
|
|
tehanderson |
Active user |
|
|
Joined: Dec 23, 2009 |
Posts: 33 |
|
|
|
|
|
|
|
the TRACE options MAY lead to XST, just google it.XST doesn't let you upload shells on the target directly. But exploiting XST you can manage to get a shell, or some kind of access later on. XST is similar to XSS. If you lure an administrator to run your own crafted XST then you MAY be able to steal his cookies and get access to some kind of admin CP. If the admin CP lets you upload a shell, then you MAY reach your goal. But between saying it and doing it there's sea. |
|
|
|
|
www.waraxe.us Forum Index -> Shell commands injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|