HTTP PUT, CWE-650: Trusting HTTP Permission Methods on the Server Side

Report generated by XSS.CX at Fri Mar 18 12:50:24 CDT 2011.



1. HTTP PUT enabled

Summary

Severity:   High
Confidence:   Certain
Host:   https://activresa-secure2.icor.fr
Path:   /distributeur/virtual_session.asp

Issue detail

HTTP PUT is enabled on the web server. The file /3c082633eeb175ec.txt was uploaded to the server using the PUT verb, and the contents of the file were subsequently retrieved using the GET verb.

Issue background

The HTTP PUT method is used to upload data which is saved on the server at a user-supplied URL. If enabled, an attacker can place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.

Issue remediation

You should refer to your platform's documentation to determine how to disable the HTTP PUT method on the server.

Request 1

PUT /3c082633eeb175ec.txt HTTP/1.0
Host: activresa-secure2.icor.fr
Content-Length: 16

2da97a6810e503eb

Response 1

HTTP/1.1 201 Created
Connection: close
Date: Fri, 18 Mar 2011 15:27:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://activresa-secure2.icor.fr/3c082633eeb175ec.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK

Request 2

GET /3c082633eeb175ec.txt HTTP/1.0
Host: activresa-secure2.icor.fr

Response 2

HTTP/1.1 200 OK
Cache-Control: max-age=60
Content-Length: 16
Content-Type: text/plain
Last-Modified: Fri, 18 Mar 2011 15:27:13 GMT
Accept-Ranges: bytes
ETag: W/"61076f480e5cb1:3765"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 18 Mar 2011 15:27:12 GMT
Connection: close

2da97a6810e503eb
