WebApp Sec mailing list archives
Re: putting files with PUT
From: Ryan Dewhurst <ryandewhurst () gmail com>
Date: Fri, 24 Dec 2010 10:43:03 +0000
I explained how I implemented it into DVWA in the following post: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5958.15/ Ryan Dewhurst blog www.ethicalhack3r.co.uk projects www.dvwa.co.uk | www.webwordcount.com twitter www.twitter.com/ethicalhack3r On 23 December 2010 23:16, Tasos Laskos <tasos.laskos () gmail com> wrote:
You need to enable "mod_dav" first which allows for that sort of functionality and then enable PUT for the directories you want -- or the root dir to take care of all of them. Then you can test it with curl like so: http://www.agavemountain.com/2007/09/http-get-post-and-put-with-curl.html Cheers, Tasos L. On Thu, 2010-12-23 at 13:03 +0000, Robin Wood wrote:On a couple of tests recently Nessus has picked up that web servers have had the PUT method enabled and has demonstrated it by putting a file then deleting it again. I'm trying to set this up in my lab but the only way I can find to enable PUT on Apache2 is to have it pass the data to a PHP script which then process it from stdin. When I try to send data it seems to expect the data in the same format as a POST Is there a way to get Apache2 to emulate what I'm seeing on a test where the data entered is just dropped into a file in the document root? This is the first time I've looked at PUT so if I've got the concept wrong in some way let me know. Robin This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- putting files with PUT Robin Wood (Dec 23)
- Re: putting files with PUT Tasos Laskos (Dec 23)
- Re: putting files with PUT Ryan Dewhurst (Dec 24)
- Re: putting files with PUT Tasos Laskos (Dec 23)