HTTP provides a number of methods that can be used to perform actions on the web server. Many of theses methods are designed to help developers in deploying and testing HTTP applications. These HTTP methods can be used for malfunctioning if the web server is misconfigured. Additionally, Cross Site Tracing (XST), a form of cross site scripting using the server's HTTP TRACE method, is examined.
While GET and POST are by far the most common methods that are used to access information provided by a web server, the Hypertext Transfer Protocol (HTTP) allows several other (and somewhat less known) methods.
RFC 2616 (which describes HTTP version 1.1 which is the standard today) defines the following eight methods:
- HEAD
- GET
- POST
- PUT
- DELETE
- TRACE
- OPTIONS
- CONNECT
You can test for vulnerable test methods using a simple curl command as below.
Use a curl OPTIONS call as below to the Login page or the landing page.
curl -i -X OPTIONS
<URL> --proxy <host>:<port>
E.g.,
curl -i -X OPTIONS https://<Host>:<PORT>/test/login.jsp
If this is vulnerable it should allow OPTIONS method as below and should display all the supporting methods.
HTTP/1.1 200 OK
Allow: GET, HEAD,POST, OPTIONS
Unless it will return a response like 405 Method Not Allowed