The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.
PoC代码[已公开]
id: put-method-enabled
info:
name: PUT Method Enabled
author: xElkomy
severity: high
description: The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.
reference:
- https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled
metadata:
max-request: 2
tags: injection,misconfig,intrusive,vuln
http:
- raw:
- |
PUT /testing-put.txt HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
{{randstr}}
- |
GET /testing-put.txt HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
matchers:
- type: dsl
dsl:
- 'contains(body_2, "{{randstr}}")'
# digest: 4a0a00473045022100fe96dfecff11661f01c1eb059c2e44541c99e1cc1c17055086f271997260b9c802204866160a8cbaccc2cabbe0d5059f701d906b624b0b7df71a9ee8032ea7e9a07d:922c64590222798bb761d5b6d8e72950