Description: Nikolaos Rangos recently discovered the "Microsoft IIS 6.0 WebDAV Remote Authentication Bypass"<style type="text/css">body { background: #FFF; }</style>vulnerability. According to him this vulnerability allows remote attackers to bypass access restrictions on vulnerable installations of Internet Information Server 6.0. The specific flaw exists within the WebDAV functionality of IIS 6.0. The Web Server fails to properly handle unicode tokens when parsing the URI and sending back data. Exploitation of this issue can result in the following: Authentication bypass of password protected folders - Listing, downloading and uploading of files into a password protected WebDAV folder. You can get more information about the vulnerability here. Here is a video demo of the vulnerability exploitation in action. <br><br><br><br></div>
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.