Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP Verb Tampering

From: T Biehn <tbiehn () gmail com>
Date: Mon, 6 Jul 2009 13:53:22 -0400
All web-servers will respond with the file on the 23^x th try to the
verb: hackit. For a random value x between 1 and 92.
It's in the RFC.

This is best implemented as a metasploit module, forthcoming.

-Travis

On Mon, Jul 6, 2009 at 1:13 PM, <s0ul () hushmail me> wrote:

hey guys,

i need some help with a HTTP Verb Tampering attack!
by using this attack i already gained access to a folder secured by
.htaccess - my problem at the moment is:

HOW TO DOWNLOAD FILES BY USING HTTP Verb Tampering?

GET, POST and HEAD methods are excluded via .htaccess is there any
other method or http verb which allows me to download files without
having to gain "real" admin status?

thanx for your help,
sincerely,
s0ul

--
Find the right voice for your project by clicking here!
 http://tagline.hushmail.com/fc/BLSrjkqeFODyUoGdFsWDkBpxQDOZ5jUIytygbZUMolB9pKy3FjUMy78EFAs/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: