8.1 HTTP Verb
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
| HTTP Verb | Explanation |
|---|---|
GET |
Abused for information gathering and query string-based attacks; often targeted as it's used to request data from a specified resource. |
POST |
Commonly exploited for injecting malicious data or commands as it sends data to a server to create/update a resource. |
PUT |
Misused to upload files or data to the server; can lead to unauthorized file uploads if not properly secured. |
DELETE |
If not properly secured, it can be abused to remove critical data or files from the server. |
HEAD |
Similar to GET but only requests the headers; can be exploited for reconnaissance without triggering logging mechanisms as clearly as GET. |
OPTIONS |
Can reveal information about the server's capabilities and configurations, potentially exposing vulnerabilities. |
TRACE |
Used to echo back input for diagnostic purposes; can be exploited in Cross-Site Tracing (XST) attacks to steal information like cookies. |
CONNECT |
Meant for use with proxies, but can be abused to set up unauthorized network tunnels if the server is misconfigured. |
PATCH |
Used for partial modifications to resources; if not properly validated, it can lead to data corruption or unauthorized data manipulation. |
COPY |
Part of the WebDAV extension; can be abused to duplicate files or data, potentially leading to unauthorized data access or server overload. |