https://eoniboogie.github.io/tags/webdav/index.htmlHugoen-usWed, 15 Apr 2026 17:59:18 +0900https://eoniboogie.github.io/posts/webdav/index.htmlWed, 15 Apr 2026 17:59:18 +0900https://eoniboogie.github.io/posts/webdav/index.htmlWebDAV Exploitation WebDAV (Web Distributed Authoring and Versioning) is an HTTP extension that allows clients to perform remote file operations on a web server. When misconfigured, it can be a powerful attack surface — especially if it requires only basic credentials or has loose upload restrictions. WebDAV typically requires credentials to interact with. Step 1 — Enumerate Allowed File Types with davtest davtest tests which file types can be uploaded and executed on the target WebDAV server.