HTTP allowed methods
- From: Alcides <alcides.hercules@xxxxxxxxx>
- Date: Thu, 21 Sep 2006 18:32:35 +0530
Hi list,
Lately, I've conducted a nikto scan for our corporate IP addresses.
I found a few potential holes like :
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
+ HTTP method 'PUT' method may allow clients to save files on the web server.
+ HTTP method 'DELETE' may allow clients to remove files on the web server.
Now I wish to verify the above mensioned.
How can I go about?
I have tried grabbing banner using netcat and a file containing "GET /
HTTP /1.0"
How can I use netcat for PUT or DELETE?
And what other utilities can be used for this?
Thanking all.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- Re: HTTP allowed methods
- From: Mark Merchant
- Re: HTTP allowed methods
- From: sun sadm
- Re: HTTP allowed methods
- Prev by Date: Re: Security procedure question
- Next by Date: Hackers in the House
- Previous by thread: Comptia Linux+, Security+
- Next by thread: Re: HTTP allowed methods
- Index(es):
Relevant Pages
|
