HTTP PUT method enabled

Disclosed: 2018-12-11 15:55:47 By emitrani To ratelimited

Critical

Vulnerability Details

Hi security team, **Summary:** It is possible to upload files to the server using the PUT method ## Steps To Reproduce: 1. I used the following request: ``` PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close emitrani POC ``` Now a file exists at https://ratelimited.me/emitrani.txt with contents of the put request. ## Impact Anyone can upload files to the server. Regards, Eray

Actions

View on HackerOne

Report Stats

Report ID: 369581
State: Closed
Substate: resolved
Upvotes: 43

HTTP PUT method enabled

Vulnerability Details

Actions

Report Stats

Share this report