
## How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

Newbie

Posts: 2

Joined: Tue Jun 23, 2009 10:32 am

Tue Jun 23, 2009 10:54 am

### How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

Hi Friends,

This is purely ethical hacking and it is a test for me, so please help me with this issue. It's urgent.

I want to create / remote upload a File and Folder in the Web Server that has got vulnerabilities.

Example host:
Code:
http://101.120.27.21/

Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6

Note: The website / webserver has got lots of vulnerabilities like Blind SQL Injection, Cross-Site Scripting, PHP Remote File Inclusion, SQL Injection, Stored Cross-Site Scripting, Windows File Parameter Alteration, Link Injection (facilitates Cross-Site Request Forgery), Unencrypted Login Request etc....

Example URL:
Code:
http://101.120.27.21/gulli_database/

Now I want to create a Folder and remote upload a File under the "gulli_database" directory. The "gulli_database" directory is write protected / 403: Forbidden.

Please help me create a Folder and remote upload the file under the "gulli_database" directory. Are there any scripts / exploits to bypass the folder protection and write in the folder?

The File and folder should be uploaded remotely. The gulli_database/ is Forbidden / Write Protected for any users. Only admins can write inside the folder. Anonymously I have to bypass it and write into that folder "gulli_database/". Are there any commands / scripts I can execute in the URL of the browser, or do any tools exist to bypass the permissions of the folder and remote upload to the write protected directory?

I tried the HTTP PUT/MKCOL methods but they don't work. I can view the contents of the directory. There is a guest book "comment" field where scripts can be injected.

I am connecting to my remote server. WebDAV is enabled but the PUT and MKCOL methods are disabled. There is also a guest book that is vulnerable to injection.

Thanks and Regards
Rafales

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Tue Jun 23, 2009 2:07 pm

### Re: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

This looks suspiciously like a homework assignment.

I think that you should look into the MSSQL xp_cmdshell stored procedure. Assuming your database user has access to this procedure and can write to the directory where you would like to upload the file, it should do the trick.
~~~~~~~~~~~~~~
Ketchup

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Tue Jun 23, 2009 11:09 pm

### Re: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

Do you know the underlying RDBMS? If you don't, send a malformed SQL injection and see what error is returned in order to determine the RDBMS. If you can get SQL injection you may be able to write a PHP file (PHP shell) to do your dirty work.
Last edited by timmedin on Sat Jun 27, 2009 6:10 pm, edited 1 time in total.

Newbie

Posts: 2

Joined: Tue Jun 23, 2009 10:32 am

Wed Jun 24, 2009 2:19 am

### Re: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

Now I have the Admin user name and pass of http://101.120.27.21/

Server Type: Microsoft-IIS/6.0
Server Side: PHP/ASP
Application Server: PHP
Web Server: IIS, IIS6

Now I need to upload a file from my local system C:\test.txt to http://101.120.27.21/gulli_database/

First I need to remotely login as admin to the remote webserver and then copy a text file from the local system (C:\text.txt) to the remote folder http://101.120.27.21/gulli_database/

What type of connection should I use? Will "Net Use" commands help or should I try through FTP / Telnet?

Which method will be successful: Net Use commands / Telnet / FTP?

Please give me syntax and commands for NET USE commands / FTP / Telnet.

Step 1. Login to remote web server as admin from my Local System
Step 2. copy C:\text.txt to http://101.120.27.21/gulli_database/ and create a Folder name "Test" in http://101.120.27.21/gulli_database/

Please guide me in this regard.

Thanks and Regards
Rafales

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Sat Jun 27, 2009 6:17 pm

### Re: How to remote upload File / Folder in a 403: Forbidden / Write protected Folder

What is this server? This is a publicly routable IP address.