Donate to us via Paypal!
Don't judge the unknown - Grindordie
Monday, January 18, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 122
Guests Online: 122
Members Online: 0

Registered Members: 132612
Newest Member: BobbySwony
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

HTTP PUT


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-08-08 03:40
Apes definition: http method called "PUT" that allows you to upload a file to a server, and if it is allowed you can upload whatever is in the body of the request to the website/server.

But I have a question about this. Is this turned off by default on servers? or does it need to be disallowed with some setting?
How common is it that this is enabled?

There is a tool in backtrack2 called HTTP PUT, its a perl script to make it easy to send a put request. can you tell if someone is vulnerable to this without actually attempting it?




Edited by on 17-08-08 03:42
Author

RE: HTTP PUT


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-08-08 07:53
It looks like it's turned on by default:
[email protected]:~$ nc 127.0.0.1 80
PUT / HTTP/1.1
Host: 127.0.0.1

HTTP/1.1 200 OK
Date: Sun, 17 Aug 2008 06:43:14 GMT
Server: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8+etch11 mod_perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/5.2.0-8+etch11
Set-Cookie: PHPSESSID=34de59a4a88757ff8a3239278be69b1f; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 1243
Content-Type: text/html; charset=UTF-8


This tells you how to disable it: http://wiki.linux. . .and_DELETE.

2/5 servers that i tested on allowed the put method.