HTTP Verb Tampering
Here we have a File Manager. The reset button is restricted to authenticated users only. We'll try to bypass that.
After capturing the request in Burp, we change the request method from GET to POST.
This didn't trigger the reset button, so we'll try a HEAD request.
This time it worked, as HEAD is very similar to GET, and all the files are now deleted.
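The bypass above, modelled as an added example (not part of the original write-up): a constructed toy app whose auth rule lists only GET and POST, next to a deny-by-default rule that closes the gap. All class and function names are hypothetical, and the HEAD-to-GET dispatch is an assumption about how the server behaves.

```python
# Added illustration: constructed model, all names hypothetical.

class FileManager:
    """Toy app with a reset action that deletes every file."""

    def __init__(self, guard):
        self.guard = guard
        self.files = ["notes.txt", "report.pdf"]  # constructed sample data

    def handle(self, method, authenticated=False):
        method = method.upper()
        status = self.guard(method, authenticated)
        if status != 200:
            return status
        # Assumption: like many servers, HEAD is dispatched to the GET
        # handler and only the response body is dropped.
        if method in ("GET", "HEAD"):
            self.files.clear()
            return 200
        return 405


def method_scoped_guard(method, authenticated):
    """Weak: authentication is enforced only for the verbs the rule lists."""
    if method in ("GET", "POST") and not authenticated:
        return 401
    return 200


def deny_by_default_guard(method, authenticated):
    """Hardened: allowlist verbs, then require auth whatever the verb."""
    if method not in ("GET", "HEAD", "POST"):
        return 405
    return 200 if authenticated else 401


def probe(guard, methods=("GET", "POST", "HEAD", "PATCH")):
    """Send each verb unauthenticated; report status and files remaining."""
    results = {}
    for m in methods:
        app = FileManager(guard)  # fresh state per request
        results[m] = (app.handle(m), len(app.files))
    return results


if __name__ == "__main__":
    for name, guard in (("method-scoped", method_scoped_guard),
                        ("deny-by-default", deny_by_default_guard)):
        print(name, probe(guard))
```

Running `probe` against each guard shows which unauthenticated verbs reach the handler; the same per-verb comparison works as a regression check for any protected route.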