WebDav
Last updated
Was this helpful?
Last updated
Was this helpful?
WebDAV (Web Distributed Authoring and Versioning) is a protocol that extends the HTTP protocol, allowing users to collaboratively author and manage files on a web server, enabling actions like creating, editing, moving, and deleting files remotely.
An HTTP Server with WebDav might require valid credentials to perform file operations, such as creating, deleting or editing existing files. The credentials are most probably required via HTTP Basic Authentication.
Notice: You will need to use the HTTP PUT, DELETE and MOVE verbs to respectively upload, delete and move files.
Sometimes, the WebDav instance might be configured to deny any file upload using specific file extensions. If this configuration is not properly set, you might be able to subvert it by uploading the file with any other accepted extension, and then using a move (rename) operation or a copy operation.
In this specific setting, the WebDav instance won't allow uploading or renaming files with the .asp extension, but you can bypass this restriction by uploading a file as a .txt file and copy/move it to a .asp;.txt file. (Notice the ;"is required, as it is the means for the bypass to work)
: An automated tool to perform several checks over the WebDav server.
: A tool to connect to the WebDav server via CLI and perform standard WebDav actions manually
If the Webdav was using an Apache server which you have access to, you should look at configured sites in Apache.
You can find these credentials inside the following file:
/etc/apache2/sites-enabled/000-default