put-method-enabled

patch-1
bauthard 2020-08-19 19:48:50 +05:30
parent 19f0693742
commit ecdd19bf5a
1 changed files with 11 additions and 11 deletions


@ -1,30 +1,30 @@
id: PUT-METHOD-TEST id: put-method-enabled
info: info:
name: Improper access control put method upload files. name: PUT method enabled
author: xElkomy author: xElkomy
severity: high severity: high
# https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled /// https://www.youtube.com/watch?v=965spdmf9lw # https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled
requests: requests:
- raw: - raw:
- | - |
PUT /evil.txt HTTP/1.1 PUT /testing-put.txt HTTP/1.1
Content-Type: text/plain Content-Type: text/plain
I will kill you testing-payload
|
GET /evil.txt HTTP/1.1 - |
GET /testing-put.txt HTTP/1.1
Content-Type: text/plain Content-Type: text/plain
I will kill you
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 204
- 200 - 200
- type: word - type: word
words: words:
- "I will kill you" - testing-payload
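Review bot: The fixed path `/testing-put.txt` and static body `testing-payload` let a file left by an earlier run satisfy both matchers even after PUT has been disabled on the host, so a hit can be stale; the two requests shown also never remove what they wrote. Putting a value unique to each run in the path and body, and adding a comment such as `# leaves /testing-put.txt on the target; remove it after verification`, would make the result trustworthy and the side effect visible to whoever runs the check. Neither raw request shows a `Host:` line, which HTTP/1.1 requires; unless the engine fills it in, `Host: {{Hostname}}` belongs under each request line. Blank lines appear to have been lost in this rendering, so the separation between headers and the PUT body cannot be judged from here.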