Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Thursday, September 29, 2011

HTTP DELETE Method Exploit

After executing the OPTIONS HTTP method, you will find a list of allowed methods, which means those methods are supported by your web server. If the DELETE method appears in the allowed list, it can be used to delete a page from the web server, so when a user of that website browses to that page, the web server cannot serve the request and returns a 404 Page Not Found error. To perform this test, follow the steps below:

First, open the command prompt and type the command below:

telnet 80

DELETE /TargetPage.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: anysite
Content-Length: 2381
Connection: Keep-Alive
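
A defender-side check for the OPTIONS step described above, as an added example that is not part of the original post: it parses the Allow header of an OPTIONS response and flags DELETE. The sample responses are constructed, and the names `parse_allow`, `audit` and `RISKY_METHODS` are assumptions made for illustration.

```python
# Added example: audit the Allow header of an OPTIONS response (runs offline).
RISKY_METHODS = {"DELETE"}  # the method this post is about; extend per policy


def parse_allow(raw_response: str):
    """Return the set of methods advertised in Allow headers, or None if absent."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")[1:]  # skip the status line
    methods, seen = set(), False
    for line in lines:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and may repeat.
        if sep and name.strip().lower() == "allow":
            seen = True
            methods.update(m.strip().upper() for m in value.split(",") if m.strip())
    return methods if seen else None


def audit(raw_response: str, risky=RISKY_METHODS):
    """Classify a response: 'flag', 'ok', or 'unknown' (no Allow header)."""
    allowed = parse_allow(raw_response)
    if allowed is None:
        return "unknown", set()
    hits = allowed & set(risky)
    return ("flag" if hits else "ok"), hits


# Constructed sample responses (not captured from a real server).
SAMPLE_PERMISSIVE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_RESTRICTED = (
    "HTTP/1.1 200 OK\r\n"
    "allow: GET, HEAD\r\n"
    "Allow: OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_SILENT = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, resp in [("permissive", SAMPLE_PERMISSIVE),
                        ("restricted", SAMPLE_RESTRICTED),
                        ("silent", SAMPLE_SILENT)]:
        print(label, audit(resp))
```

The Allow header only reports what the server advertises, so an "ok" or "unknown" result should still be confirmed against the web server's method configuration.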

