HTTP PUT


Posted on 17-08-08 03:40
Apes definition: HTTP method called "PUT" that allows you to upload a file to a server, and if it is allowed you can upload whatever is in the body of the request to the website/server.

But I have a question about this. Is this turned off by default on servers? Or does it need to be disallowed with some setting?
How common is it that this is enabled?

There is a tool in BackTrack 2 called HTTP PUT; it's a Perl script to make it easy to send a PUT request. Can you tell if someone is vulnerable to this without actually attempting it?




Edited by on 17-08-08 03:42
RE: HTTP PUT


Posted on 17-08-08 07:53
It looks like it's turned on by default:
jonathan@jonnycake:~$ nc 127.0.0.1 80
PUT / HTTP/1.1
Host: 127.0.0.1

HTTP/1.1 200 OK
Date: Sun, 17 Aug 2008 06:43:14 GMT
Server: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch11 mod_perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/5.2.0-8+etch11
Set-Cookie: PHPSESSID=34de59a4a88757ff8a3239278be69b1f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1243
Content-Type: text/html; charset=UTF-8


This tells you how to disable it: http://wiki.linux. . .and_DELETE.

2/5 servers that I tested on allowed the PUT method.
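
An added example (not from the thread or from the Perl tool it mentions) for auditing your own server: it reads the Allow header of an OPTIONS response and classifies a PUT response by status code, because a 201 or 204 shows the server stored the body while a 200 carrying an HTML page can simply be a script answering the request. The function names and the sample responses are constructed for illustration.

```python
# Added example: interpret OPTIONS and PUT responses when auditing your own server.
# Every sample response below is constructed, not captured traffic.

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def allowed_methods(options_raw):
    """Methods advertised in Allow. Advisory only: the server may still
    accept or refuse a method on a specific path."""
    _, headers, _ = parse_response(options_raw)
    allow = headers.get("allow", "")
    return {m.strip().upper() for m in allow.split(",") if m.strip()}

def classify_put(put_raw):
    """Map the status of a PUT response to what it says about storage."""
    status, _, _ = parse_response(put_raw)
    if status in (201, 204):
        return "stored"             # resource created or replaced
    if status in (405, 501):
        return "rejected"           # method not allowed / not implemented
    if status in (401, 403):
        return "access-controlled"  # method exists but is gated
    if status == 200:
        # Either a successful replace or a script that answered PUT like
        # a GET. Confirm with a GET of the target path before concluding.
        return "inconclusive"
    return "other"

OPTIONS_SAMPLE = "HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n\r\n"
PUT_CREATED = "HTTP/1.1 201 Created\r\nLocation: /probe.txt\r\n\r\n"
PUT_DENIED = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"
PUT_SCRIPT = ("HTTP/1.1 200 OK\r\nX-Powered-By: PHP\r\n"
              "Content-Type: text/html; charset=UTF-8\r\n\r\n<html>index page</html>")

if __name__ == "__main__":
    print("PUT advertised:", "PUT" in allowed_methods(OPTIONS_SAMPLE))
    for name, raw in (("created", PUT_CREATED), ("denied", PUT_DENIED), ("script", PUT_SCRIPT)):
        print(name, "->", classify_put(raw))
```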