While performing a black-box assessment you run an Nmap version and NSE script scan against a target and receive the following excerpt:
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 7.5
| http-methods:
| Supported Methods: GET HEAD POST OPTIONS PROPFIND SEARCH LOCK UNLOCK COPY MOVE DELETE
|_ Potentially risky methods: PROPFIND SEARCH LOCK UNLOCK COPY MOVE DELETE
Based on the extra HTTP verbs that are accepted, which built-in IIS feature is most likely enabled, and what is the primary risk if it is left unrestricted?
WebDAV publishing extension; it can let an attacker upload, move, or delete files on the web root if access controls are weak.
ISAPI filters; they could enable kernel-level buffer overflow exploits against custom DLLs.
Application Request Routing (ARR) proxy; it could leak internal host information through reverse-proxy misconfiguration.
The CGI module; it exposes the server to arbitrary code execution through poorly written scripts.
The appearance of WebDAV-specific verbs such as PROPFIND, LOCK, COPY, MOVE, and UNLOCK indicates that the Web Distributed Authoring and Versioning (WebDAV) extension is running on the IIS server. WebDAV is designed to let authorized users create, move, and delete resources through HTTP; however, when it is exposed without proper authentication or access control, an attacker can exploit those same verbs to upload or modify content on the server (for example, place a malicious ASPX or web-shell file). ISAPI filters, CGI, and ARR proxy do not add this particular verb set, and while each can introduce other issues, they do not inherently allow unauthenticated file upload and manipulation via those methods.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is WebDAV, and why is it used?
Open an interactive chat with Bash
What are HTTP verbs, and what role do they play in WebDAV?
Open an interactive chat with Bash
How can WebDAV vulnerabilities be mitigated on an IIS server?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .