HTTP PUT method enabled

Disclosed: 2018-12-11 19:20:27 By hach3ro To ratelimited
Critical
Vulnerability Details
Hi security team, Summary: It is possible to upload files to the server using the PUT method Steps To Reproduce: I used the following request: PUT /emitrani.txt HTTP/1.1 Host: ratelimited.me Content-Length: 10 Connection: close Now a file exists at https://ratelimited.me/emitrani.txt with contents of the put request. ## Impact impact
Actions
View on HackerOne
Report Stats
  • Report ID: 460642
  • State: Closed
  • Substate: spam
  • Upvotes: 8
Share this report