nuclei-templates/misconfiguration/put-method-enabled.yaml

id: put-method-enabled

info:
  name: PUT Method Enabled
  author: xElkomy
  severity: high
  description: The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into
    the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or
    other attacks.
  reference:
    - https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled
  tags: injection

requests:
  - raw:
      - |
        PUT /testing-put.txt HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain

        {{randstr}}

      - |
        GET /testing-put.txt HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "{{randstr}}")'

# Enhanced by mp on 2022/04/20
put-method-enabled 2020-08-19 14:18:50 +00:00			`id: put-method-enabled`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00
			`info:`
Dashboard Content Enhancements (#4191) Dashboard Content Enhancements 2022-04-21 21:16:41 +00:00			`name: PUT Method Enabled`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00			`author: xElkomy`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into`
			`the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or`
			`other attacks.`
			`reference:`
			`- https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled`
adding tags to misconfiguration 2021-03-12 08:57:14 +00:00			`tags: injection`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00
			`requests:`
			`- raw:`
			`- \|`
put-method-enabled 2020-08-19 14:18:50 +00:00			`PUT /testing-put.txt HTTP/1.1`
* Added Host headers where needed (validated via disclosures/posts) * Added CVE simple-employee-rce.yaml 2021-09-30 16:52:05 +00:00			`Host: {{Hostname}}`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00			`Content-Type: text/plain`
Update put-method-enabled.yaml 2020-08-19 14:33:55 +00:00
improved matcher 2021-05-04 11:02:53 +00:00			`{{randstr}}`
put-method-enabled 2020-08-19 14:18:50 +00:00
			`- \|`
			`GET /testing-put.txt HTTP/1.1`
* Added Host headers where needed (validated via disclosures/posts) * Added CVE simple-employee-rce.yaml 2021-09-30 16:52:05 +00:00			`Host: {{Hostname}}`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00			`Content-Type: text/plain`
put-method-enabled 2020-08-19 14:18:50 +00:00
Adding updated syntax 2021-03-11 14:17:22 +00:00			`req-condition: true`
Create put-method-test.yaml 2020-08-19 12:17:24 +00:00			`matchers:`
Swapped put-method-enabled to DSL for multi-req 2020-11-19 00:36:57 +00:00			`- type: dsl`
			`dsl:`
improved matcher 2021-05-04 11:02:53 +00:00			`- 'contains(body_2, "{{randstr}}")'`
Dashboard Content Enhancements (#4191) Dashboard Content Enhancements 2022-04-21 21:16:41 +00:00
			`# Enhanced by mp on 2022/04/20`