IIS WebDav Vulnerability in Action

Nikolaos Rangos recently discovered the "Microsoft IIS 6.0 WebDAV Remote Authentication Bypass"vulnerability. According to him this vulnerability allows remote attackers to bypass access restrictions on vulnerable installations of Internet Information Server 6.0. The specific flaw exists within the WebDAV functionality of IIS 6.0. The Web Server fails to properly handle unicode tokens when parsing the URI and sending back data. Exploitation of this issue can result in the following: Authentication bypass of password protected folders - Listing, downloading and uploading of files into a password protected WebDAV folder. You can get more information about the vulnerability here. Here is a video demo of the vulnerability exploitation in action.

Milw0rm hosts one of the best Exploit databases on the web. The Exploits are separated by exploit type (local, remote, DoS, etc.).