HTTP allowed methods



Hi list,
Lately, I've conducted a nikto scan for our corporate IP addresses.
I found a few potential holes like:
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
+ HTTP method 'PUT' method may allow clients to save files on the web server.
+ HTTP method 'DELETE' may allow clients to remove files on the web server.
Now I wish to verify the above mentioned.
How can I go about it?
I have tried grabbing banner using netcat and a file containing "GET /
HTTP /1.0"
How can I use netcat for PUT or DELETE?
And what other utilities can be used for this?
Thanking all.
