WebDav

WebDAV (Web Distributed Authoring and Versioning) is a protocol that extends the HTTP protocol, allowing users to collaboratively author and manage files on a web server, enabling actions like creating, editing, moving, and deleting files remotely.

An HTTP Server with WebDav might require valid credentials to perform file operations, such as creating, deleting or editing existing files. The credentials are most probably required via HTTP Basic Authentication.


IIS5/6 WebDav Extension Bypass

In this specific setting, the WebDav instance won't allow uploading or renaming files with the .asp extension, but you can bypass this restriction by uploading a file as a .txt file and copy/move it to a .asp;.txt file. (Notice the ;"is required, as it is the means for the bypass to work)


Useful Tools

  1. DavTest: An automated tool to perform several checks over the WebDav server.

  2. Cadaver: A tool to connect to the WebDav server via CLI and perform standard WebDav actions manually


Finding Credentials inside an Apache Server

If the Webdav was using an Apache server which you have access to, you should look at configured sites in Apache. You can find these credentials inside the following file: /etc/apache2/sites-enabled/000-default

Last updated

Was this helpful?