[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] HTTP Verb Tampering

To: "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] HTTP Verb Tampering
From: s0ul@xxxxxxxxxxx
Date: Mon, 06 Jul 2009 19:13:25 +0200

hey guys,

i need some help with a HTTP Verb Tampering attack!
by using this attack i already gained access to a folder secured by 
.htaccess - my problem at the moment is:

HOW TO DOWNLOAD FILES BY USING HTTP Verb Tampering?

GET, POST and HEAD methods are excluded via .htaccess is there any 
other method or http verb which allows me to download files without 
having to gain "real" admin status?

thanx for your help,
sincerely, 
s0ul 

--
Find the right voice for your project by clicking here!
 
http://tagline.hushmail.com/fc/BLSrjkqeFODyUoGdFsWDkBpxQDOZ5jUIytygbZUMolB9pKy3FjUMy78EFAs/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] HTTP Verb Tampering
  - From: T Biehn

Prev by Date: Re: [Full-disclosure] One Click Ownage [White Paper and Scripts]
Next by Date: Re: [Full-disclosure] HTTP Verb Tampering
Previous by thread: [Full-disclosure] FW: Re[2]: Radware AppWall Web Application Firewall: Source code disclosure on management interface
Next by thread: Re: [Full-disclosure] HTTP Verb Tampering
Index(es):
- Date
- Thread