"LK Lee" <[EMAIL PROTECTED]> writes: > We could upload the file '/puttest1.html' onto your web server [snip] > We could DELETE the file '/puttest1.html'on your web server. [snip] > Question: How Nessus tested this? Is it exploiting the webserver > configuration or application weakness?
Web server configuration > Appreciate if anybody can let me know how to fix up these problems Fix the configuration! What server are you using? > if possible, tell me how to replay the uploading and deletion. $ telnet server 80 PUT /puttest1.html'on HTTP/1.0 Content-Length: 10 abcdefghij <RET><RET><CTRL-D> $ telnet server 80 DELETE /puttest1.html'on HTTP/1.0 <RET><RET><CTRL-D> $
