Monday, April 21, 2014
HellBound Hackers | Computer General | Web hacking

HTTP PUT


Guest
Posted on 17-08-08 03:40
Apes definition: HTTP method called "PUT" that allows you to upload a file to a server, and if it is allowed you can upload whatever is in the body of the request to the website/server.

But I have a question about this. Is this turned off by default on servers? Or does it need to be disallowed with some setting?
How common is it that this is enabled?

There is a tool in BackTrack 2 called HTTP PUT; it's a Perl script to make it easy to send a PUT request. Can you tell if someone is vulnerable to this without actually attempting it?




Edited by on 17-08-08 03:42
RE: HTTP PUT


Guest
Posted on 17-08-08 07:53
It looks like it's turned on by default:
jonathan@jonnycake:~$ nc 127.0.0.1 80
PUT / HTTP/1.1
Host: 127.0.0.1

HTTP/1.1 200 OK
Date: Sun, 17 Aug 2008 06:43:14 GMT
Server: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch11 mod_perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/5.2.0-8+etch11
Set-Cookie: PHPSESSID=34de59a4a88757ff8a3239278be69b1f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1243
Content-Type: text/html; charset=UTF-8


This tells you how to disable it: http://wiki.linux. . .and_DELETE.

2/5 servers that I tested on allowed the PUT method.