HTTP Method Vulnerability Found

By Rejah Rehim
Published on 24 Jun 2018

HTTP has a number of methods that are used for performing actions on the server. Most of them are used in production systems, but many of them are designed for testing HTTP applications. That leads to a high threat when the system is misconfigured. Everyone knows GET and POST; they are the most common HTTP methods. As of today's standards, there are eight methods available.

  • HEAD
  • GET
  • POST
  • PUT
  • DELETE
  • TRACE
  • OPTIONS
  • CONNECT

Most of them are potentially harmful if they are not appropriately configured. These methods are powerful, as they can be used to modify files and save them on the web server; in worst-case scenarios they can be used for stealing credentials and valuable information.

  • PUT: With the PUT method, the user can upload a file to the server. For that reason, an attacker can also upload malicious scripts to the server.
  • DELETE: The DELETE method can delete a file on the server. It gives the attacker leverage to perform attacks on the server and can also be used to mount a DoS attack.
  • CONNECT: The CONNECT method helps the user to use the web server as a proxy.
  • TRACE: The TRACE method is used for sending strings to the server, which echoes them back to the client. TRACE is primarily for debugging. This method can be used to perform Cross-Site Tracing.

Example

This can be checked by running the following command using netcat:

        $ nc www.victim.com 80
        OPTIONS / HTTP/1.1
        Host: www.victim.com
        
        HTTP/1.1 200 OK
        Server: Microsoft-IIS/5.0
        Date: Tue, 31 Oct 2006 08:00:29 GMT
        Connection: close
        Allow: GET, HEAD, POST, TRACE, OPTIONS
        Content-Length: 0

    

Impact

The vulnerability can be exploited using cross-site scripting. This can be leveraged using two methods:

  • Client side
  • Another server

This is usually done using TRACE.

Mitigation / Precaution

The vulnerability can be fixed by:

  • Explicitly checking for a “GET” or “POST” method, which would be safe.
  • Disabling methods that are not in use or that are enabled for debugging.

Written by Rejah Rehim, Co-founder, Director