PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Edit some script descriptions for better line breaks when rendered as

Browse Source 
PDF. Some long URLs were replaced by short redirects under
http://nmap.org/r/.
This commit is contained in:
david
2010-07-17 16:47:31 +00:00
parent 204c2ba4b0
commit bccb8ead89
8 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/http-iis-webdav-vuln.nse
View File

@@ -1,5 +1,5 @@
description = [[
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020 http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx.
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020, http://nmap.org/r/ms09-020.
A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an authentication request (401), another attempt is tried with the malicious encoding. If that attempt returns a successful result (207), then the folder is marked as vulnerable.