Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V14 - Config

Enabled HTTP PUT method allows creation of a malicious file on the server

POC

  • Check the allowed HTTP methods: curl -v -X OPTIONS http:///test/
  • Upload a malicious file: curl --upload-file -v --url -0 --http1.0
  • Observe that the file is uploaded without any problem
  • Attempt to achieve code execution using the malicious file
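
For the first step, an audit helper that reads a saved OPTIONS response and reports the write-capable methods it advertises. This is an added example, not part of the original wiki entry; the function names, the list of methods treated as risky and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit helper (added example): list write-capable methods advertised in an
# OPTIONS response. Feed it raw response headers on stdin, for instance the
# saved output of the curl OPTIONS check run against a server you administer.

# Assumption: methods a read-only site has no reason to expose (HTTP + WebDAV).
RISKY_METHODS="PUT DELETE PATCH MKCOL MOVE COPY PROPPATCH"

# Prints the risky methods found in Allow/Public headers as a sorted,
# comma-separated line. Prints an empty line when none are advertised.
risky_allowed_methods() {
    tr -d '\r' |
    awk -v risky="$RISKY_METHODS" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^$/  { exit }                      # end of headers: ignore the body
        {
            colon = index($0, ":")
            if (colon == 0) next            # status line or malformed header
            name = tolower(substr($0, 1, colon - 1))
            # "Public" is the header IIS uses for server-wide methods
            if (name != "allow" && name != "public") next
            m = split(toupper(substr($0, colon + 1)), parts, ",")
            for (i = 1; i <= m; i++) {
                gsub(/[ \t]/, "", parts[i])
                if (parts[i] in bad) seen[parts[i]] = 1
            }
        }
        END { for (k in seen) print k }
    ' | sort | paste -sd, -
}

# Constructed sample responses (not captured from a real server).
sample_weak() {
    printf 'HTTP/1.1 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST, PUT, DELETE\r\nContent-Length: 0\r\n\r\n'
}
sample_hardened() {
    printf 'HTTP/1.1 200 OK\r\nallow: GET, HEAD, OPTIONS\r\nContent-Length: 0\r\n\r\n'
}

echo "weak config advertises:     $(sample_weak | risky_allowed_methods)"
echo "hardened config advertises: $(sample_hardened | risky_allowed_methods)"
```

The Allow header is advisory: a server can accept PUT without advertising it, so a clean result here should be confirmed against the server's method restrictions and write permissions on the web root.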

Impact

Medium

Likelihood

Medium