HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 43 guests online
 
Advertisement

You are here: Home arrow Resourcesarrow Tutorialsarrow Tutorial Requestsarrow How to remote upload File / Folder in a 403: Forbidden / Write protected Folder
EH-Net
May 26, 2013, 02:52:57 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder  (Read 12206 times)
0 Members and 1 Guest are viewing this topic.
Rafales
Newbie
*
Offline Offline

Posts: 2


View Profile
« on: June 23, 2009, 10:54:15 AM »
Hi Friends,

This is purely Ethical hacking and it is a test for me. so please help me in this issue. its urgent.

I want to create / remote upload a File and Folder in the Web Server that has got vulnerabilities.

Example host:
Code:
http://101.120.27.21/


Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6


Note: The website / webserver has got lots of vulnerabilities like Blind SQL Injection, Cross-Site Scripting, PHP Remote File Inclusion, SQL Injection, Stored Cross-Site Scripting, Windows File Parameter Alteration, Link Injection (facilitates Cross-Site Request Forgery), Unencrypted Login Request etc....

Exampel URL:
Code:
http://101.120.27.21/gulli_database/


Now I want to create a Folder and remote upload a File under the "gulli_database" directory. The "gulli_database" directory is write protected / 403: Forbidden.

Please help me how to create a Folder and remote upload the file under "gulli_database" directory. Is there any scripts / exploits to bypass the the folder protection and write in the folder.

The File and folder should be uploaded remotely. The gulli_database/ is Forbidden / Write Protected for any users. Only

admins can write inside the folder. Anonymously I have to bypass it and write into that folder "gulli_database/". Are there any commands / scripts I can execute in the URL of the browser or any tools exist to bypass the permissions of the folder and remote upload to the write protected directory.

I tried the http put/mkcol methods but doesnt work. i can view the contents of the directory. there is a guest book "comment" field where scripts can be injected.

I am connecting to my remote server. webdav is enable but put and mkcol method is disabled. there is also a guest book that is vulnerable to injection.


please guide me how to go about.


Thanks and Regards
Rafales
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #1 on: June 23, 2009, 02:07:53 PM »
This looks suspiciously like a homework assignment.  Wink

I think that you should look into the MSSQL xp_cmdshell stored procedure.   Assuming your database user has access to this procedure and can write to the directory where you would like to upload the file, it should the trick.
Logged
~~~~~~~~~~~~~~
Ketchup
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #2 on: June 23, 2009, 11:09:12 PM »
Do you know the underlying RDMS? If you don't send a malformed SQL injection and see what error is returned in order to determine the RDMS. If you can get sql injection you may be able to write a php file (php shell) to do your dirty work.
« Last Edit: June 27, 2009, 06:10:21 PM by timmedin » Logged
twitter.com/timmedin | http://blog.securitywhole.com
Rafales
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #3 on: June 24, 2009, 02:19:12 AM »
Now I have the Admin user name and pass of http://101.120.27.21/

Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6


Now I need to upload a file from my local system C:\test.txt to http://101.120.27.21/gulli_database/

First I need to remotely login as admin to the remote webserver and then copy a text file from the local system (C:\text.txt) to the remote folder http://101.120.27.21/gulli_database/

If I don't login as admin I get "Access Denied" Error Message when I copy a txt file to gulli_database. How to login into remote web server as admin
 
What type of connection should I use. Will "Net Use" commands help or should I try thru. FTP / Telnet.

which method will be sucessfull Net Use commands / Telnet / FTP

please give me syntax and commands for NET USE commands / FTP / Telnet

Step 1. Login to remote web server as admin from my Local System
Step 2. copy C:\text.txt to http://101.120.27.21/gulli_database/ and create a Folder name "Test" in http://101.120.27.21/gulli_database/

Please guide me in this regard

Thanks and Regards
Rafales
Logged
timmedin
Sr. Member
****
Offline Offline

Posts: 469



View Profile WWW
« Reply #4 on: June 27, 2009, 06:17:34 PM »
What is this server? This is a publicly routable ip address.
Logged
twitter.com/timmedin | http://blog.securitywhole.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.075 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.