Full Disclosure mailing list archives
Re: HTTP Verb Tampering
From: T Biehn <tbiehn () gmail com>
Date: Mon, 6 Jul 2009 13:53:22 -0400
All web-servers will respond with the file on the 23^x th try to the verb: hackit. For a random value x between 1 and 92. It's in the RFC. This is best implemented as a metasploit module, forthcoming. -Travis On Mon, Jul 6, 2009 at 1:13 PM, <s0ul () hushmail me> wrote:
hey guys, i need some help with a HTTP Verb Tampering attack! by using this attack i already gained access to a folder secured by .htaccess - my problem at the moment is: HOW TO DOWNLOAD FILES BY USING HTTP Verb Tampering? GET, POST and HEAD methods are excluded via .htaccess is there any other method or http verb which allows me to download files without having to gain "real" admin status? thanx for your help, sincerely, s0ul -- Find the right voice for your project by clicking here! http://tagline.hushmail.com/fc/BLSrjkqeFODyUoGdFsWDkBpxQDOZ5jUIytygbZUMolB9pKy3FjUMy78EFAs/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- HTTP Verb Tampering s0ul (Jul 06)
- Re: HTTP Verb Tampering T Biehn (Jul 06)