- Ryan Linn released a Metasploit module based on the DAVTest idea. Like DAVTest, it attempts to use mathematical operations to determine if code can execute on the web server.
- Chris Gates posted a good article titled "More with Metasploit and WebDAV," which gives a nice tutorial on how to exploit misconfigured web servers using Ryan Linn's module with Metasploit. It also points out a nice
trickfeature with IIS/ASP.
I'm going to try and whip up a new release of DAVTest in the next week or so, incorporating a few ideas from these guys, as well as a bit of housekeeping and other updates.
If you have suggestions for the next release or tests for more languages, reply here or send me an email.