HTTP Verb Tampering
can be exploited by sending malicious requests using unexpected methods, which may lead to bypassing the web application's authorization mechanism or even bypassing its security controls against other web attacks
Insecure Coding
$pattern = "/^[A-Za-z\s]+$/";
if(preg_match($pattern, $_GET["code"])) {
$query = "Select * from ports where port_code like '%" . $_REQUEST["code"] . "%'";
...SNIP...
}Insecure Configurations
<Limit GET POST>
Require valid-user
</Limit>Attack
Crafting custom HTTP requests
[METHOD] /[index.htm] HTTP/1.1
host: [www.example.com]OPTIONS /index.html HTTP/1.1
host: www.example.comGET /index.html HTTP/1.1
host: www.example.comHEAD /index.html HTTP/1.1
host: www.example.comPOST /index.html HTTP/1.1
host: www.example.comPUT /index.html HTTP/1.1
host: www.example.comDELETE /index.html HTTP/1.1
host: www.example.comTRACE /index.html HTTP/1.1
host: www.example.comCONNECT /index.html HTTP/1.1
host: www.example.comAutomated HTTP Verb Tampering Testing
#!/bin/bash
for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND;
do
printf "$webservmethod " ;
printf "$webservmethod / HTTP/1.1\nHost: $1\n\n" | nc -q 1 $1 80 | grep "HTTP/1.1"
doneReference
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/03-Testing_for_HTTP_Verb_Tampering
Last updated