During a web server assessment, you run the NSE script http-methods and discover that the target Apache 2.4 server allows the PUT method on /var/www/html. According to a standard attack methodology, which action should you attempt next to move from enumeration to exploitation of the server?
Upload a server-side script (for example, a PHP reverse shell) via HTTP PUT and then request the file in a browser.
Perform a SQL injection test on the application's search parameter.
Invoke the TRACE method to capture cookies through cross-site tracing.
Launch a cross-site scripting payload against the login page.
In most default configurations, the PUT method should be disabled. If it is enabled on a directory that is mapped to the document root, an attacker can upload arbitrary files. The logical next step is to upload a server-side script, such as a PHP or ASPX reverse shell, using an HTTP PUT request and then browse to that file to execute code on the server. The other options move the engagement to unrelated vulnerability classes (XSS, SQLi, XST) and do not directly leverage the discovered misconfiguration.
Certified Ethical Hacker (CEH)
Web Application Hacking