How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

Viewing 4 reply threads
  • Author
    Posts
    • #3927
      Rafales
      Participant

      Hi Friends,

      This is purely Ethical hacking and it is a test for me. so please help me in this issue. its urgent.

      I want to create / remote upload a File and Folder in the Web Server that has got vulnerabilities.

      Example host:

      http://101.120.27.21/

      Server Type: Microsoft-IIS/6.0
      Server Side: PHP/ASP
      Application Server: PHP
      Web Server: IIS, IIS6

      Note: The website / webserver has got lots of vulnerabilities like Blind SQL Injection, Cross-Site Scripting, PHP Remote File Inclusion, SQL Injection, Stored Cross-Site Scripting, Windows File Parameter Alteration, Link Injection (facilitates Cross-Site Request Forgery), Unencrypted Login Request etc….

      Exampel URL:

      http://101.120.27.21/gulli_database/

      Now I want to create a Folder and remote upload a File under the “gulli_database” directory. The “gulli_database” directory is write protected / 403: Forbidden.

      Please help me how to create a Folder and remote upload the file under “gulli_database” directory. Is there any scripts / exploits to bypass the the folder protection and write in the folder.

      The File and folder should be uploaded remotely. The gulli_database/ is Forbidden / Write Protected for any users. Only

      admins can write inside the folder. Anonymously I have to bypass it and write into that folder “gulli_database/”. Are there any commands / scripts I can execute in the URL of the browser or any tools exist to bypass the permissions of the folder and remote upload to the write protected directory.

      I tried the http put/mkcol methods but doesnt work. i can view the contents of the directory. there is a guest book “comment” field where scripts can be injected.

      I am connecting to my remote server. webdav is enable but put and mkcol method is disabled. there is also a guest book that is vulnerable to injection.

      please guide me how to go about.

      Thanks and Regards
      Rafales

    • #25089
      Ketchup
      Participant

      This looks suspiciously like a homework assignment.  😉

      I think that you should look into the MSSQL xp_cmdshell stored procedure.  Assuming your database user has access to this procedure and can write to the directory where you would like to upload the file, it should the trick.

    • #25090
      timmedin
      Participant

      Do you know the underlying RDMS? If you don’t send a malformed SQL injection and see what error is returned in order to determine the RDMS. If you can get sql injection you may be able to write a php file (php shell) to do your dirty work.

    • #25091
      Rafales
      Participant

      Now I have the Admin user name and pass of http://101.120.27.21/

      Server Type: Microsoft-IIS/6.0
      Server Side: PHP/ASP
      Application Server: PHP
      Web Server: IIS, IIS6

      Now I need to upload a file from my local system C:test.txt to http://101.120.27.21/gulli_database/

      First I need to remotely login as admin to the remote webserver and then copy a text file from the local system (C:text.txt) to the remote folder http://101.120.27.21/gulli_database/

      If I don’t login as admin I get “Access Denied” Error Message when I copy a txt file to gulli_database. How to login into remote web server as admin

      What type of connection should I use. Will “Net Use” commands help or should I try thru. FTP / Telnet.

      which method will be sucessfull Net Use commands / Telnet / FTP

      please give me syntax and commands for NET USE commands / FTP / Telnet

      Step 1. Login to remote web server as admin from my Local System
      Step 2. copy C:text.txt to http://101.120.27.21/gulli_database/ and create a Folder name “Test” in http://101.120.27.21/gulli_database/

      Please guide me in this regard

      Thanks and Regards
      Rafales

    • #25092
      timmedin
      Participant

      What is this server? This is a publicly routable ip address.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?