|
|
|
|
|
| Posted By: |
SecurityTube_Bot
|
| Posted On: |
Mon 21 Feb 2011 |
| Views: |
7875 |
| Share this video: |
|
| Support SecurityTube:
|
|
|
Description: Nikolaos Rangos recently discovered the "Microsoft IIS 6.0 WebDAV Remote Authentication Bypass"vulnerability. According to him this vulnerability allows remote attackers to bypass access restrictions on vulnerable installations of Internet Information Server 6.0. The specific flaw exists within the WebDAV functionality of IIS 6.0. The Web Server fails to properly handle unicode tokens when parsing the URI and sending back data. Exploitation of this issue can result in the following: Authentication bypass of password protected folders - Listing, downloading and uploading of files into a password protected WebDAV folder. You can get more information about the vulnerability here. Here is a video demo of the vulnerability exploitation in action.
