put-method-enabled

security-misconfiguration/put-method-enabled.yaml

@@ -1,30 +1,30 @@
-id: PUT-METHOD-TEST
+id: put-method-enabled
 
 info:
-  name: Improper access control put method upload files.
+  name: PUT method enabled
   author: xElkomy
   severity: high
 
-# https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled /// https://www.youtube.com/watch?v=965spdmf9lw
+# https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled
 
 requests:
   - raw:
       - |
-        PUT /evil.txt HTTP/1.1
+        PUT /testing-put.txt HTTP/1.1
         Content-Type: text/plain
         
-        I will kill you
-        |
-        GET /evil.txt HTTP/1.1
+        testing-payload
+
+      - |
+        GET /testing-put.txt HTTP/1.1
         Content-Type: text/plain
-        
-        I will kill you
+
     matchers-condition: and
     matchers:
       - type: status
         status:
-          - 204
           - 200
+
       - type: word
         words:
-          - "I will kill you"
+          - testing-payload