HTTP defines a number of methods that are used to perform actions on the server. Most of them are used in production systems, but many of them were designed for testing HTTP applications. This leads to a high threat when the system is misconfigured. Everyone knows GET and POST, which are the most common HTTP methods. By today's standards, there are eight methods available:
HEAD
GET
POST
PUT
DELETE
TRACE
OPTIONS
CONNECT
Most of them are potentially harmful if they are not appropriately configured. These methods are powerful: they can be used to modify files and save them on the web server, and in worst-case scenarios they can be used to steal credentials and valuable information.
PUT: With the PUT method, the user can upload a file to the server. For that reason, an attacker can also upload malicious scripts to the server.
DELETE: The DELETE method deletes a file on the server. It gives the attacker leverage to perform attacks on the server, including mounting a DoS attack.
CONNECT: The CONNECT method lets the user use the web server as a proxy.
TRACE: The TRACE method is used to send a string to the server, which echoes it back to the client. TRACE is primarily for debugging. This method can be used to perform Cross-Site Tracing.
Example
This can be checked by running the command using netcat
Impact
The vulnerability can be exploited using cross-site scripting. This can be leveraged using two methods:
Client side
Another server
This is usually done using TRACE.
Mitigation / Precaution
The vulnerability can be fixed by:
Explicitly checking for a "GET" or "POST" method, which would be safe.
Disabling methods that are not in use or that are enabled for debugging.
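One way to apply the explicit GET/POST check described above, shown as an added example that is not code from the original article: a WSGI middleware that rejects every other method with 405 and an Allow header. The names MethodAllowList, demo_app and probe are hypothetical, and the example assumes the application needs only GET and POST.

```python
# Added example: WSGI middleware enforcing an HTTP method allow-list.
from wsgiref.util import setup_testing_defaults

ALLOWED_METHODS = ("GET", "POST")  # assumption: the app needs only these two


class MethodAllowList:
    """Reject any request whose method is not explicitly allowed."""

    def __init__(self, app, allowed=ALLOWED_METHODS):
        self.app = app
        # HTTP method names are case-sensitive, so compare them exactly.
        self.allowed = frozenset(allowed)

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "")
        if method not in self.allowed:
            body = b"Method Not Allowed\n"
            start_response("405 Method Not Allowed", [
                ("Allow", ", ".join(sorted(self.allowed))),
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]  # the wrapped application is never reached
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Hypothetical application standing in for the real one."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def probe(app, method):
    """Send one constructed request through the app; return (status, headers)."""
    environ = {}
    setup_testing_defaults(environ)  # fills in a minimal, constructed request
    environ["REQUEST_METHOD"] = method
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    guarded = MethodAllowList(demo_app)
    for m in ("HEAD", "GET", "POST", "PUT", "DELETE", "TRACE", "OPTIONS", "CONNECT"):
        print(m, probe(guarded, m)[0])
```

Because the check is an allow-list, any method outside GET and POST is refused, including ones not named in the article.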