[Zope] HTTP PUT
David
davidr at talamh.org.uk
Wed May 3 18:12:14 EDT 2006
Hi
I need confirmation (mainly for some peace of mind, but also because
reading google results, all sorts of questions from in my head).
I have a user messing with a site using HTTP PUT to upload files. The
user has access privileges to use a simple CMS (although for the time
being now, they're revoked). Will switching off the permission for
"WebDAV access" prevent any successful PUT or do we need to take
further actions?
We also allow FTP access to certain directories. Can this be abused
to upload files elsewhere?
Here's a log entry:
10.0.9.1 - potter [03/May/2006:17:02:02 +0100] "PUT /site/microsites/
harry/home/Home Page/page/add_block?block=1/ter_restrnt.jpg HTTP
/1.1" 204 221 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.7.12) Gecko/20050915"
10.0.9.1 - potter [03/May/2006:17:02:02 +0100] "PUT /site/microsites/
harry/home/Home Page/page/add_block?block=1/small_show.jpg HTTP/
1.1" 204 221 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.7.12) Gecko/20050915"
10.0.9.1 - potter [03/May/2006:17:02:03 +0100] "PUT /site/microsites/
harry/home/Home Page/page/add_block?block=1/small_c-exhibition00
31.jpg HTTP/1.1" 204 221 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.7.12) Gecko/20050915"
10.0.9.1 - potter [03/May/2006:17:02:04 +0100] "PUT /site/microsites/
harry/home/Home Page/page/add_block?block=1/College Logo.jpg HTT
P/1.1" 204 221 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.7.12) Gecko/20050915"
10.0.9.1 - potter [03/May/2006:17:02:04 +0100] "PUT /site/microsites/
harry/home/Home Page/page/add_block?block=1/page/Home Page HTTP/
1.1" 204 221 "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.7.12) Gecko/20050915"
Thanks for any help.
DR
More information about the Zope
mailing list