JustForFun
  • Hello World
  • AI/ML/LLM Security
    • 🐣What is this AREA?
    • 📚Self-Study AI/ML/LLM Roadmap for Security Folks
    • 🌟AI/ML Dictionary
    • 🌰Generative AI in a Nutshell
    • 👹(WIP) AI/ML/LLM Application Security Testing
      • 💉(WIP) Offensive Approach for Prompt Injection Attacks
      • 👾Standard Input: Prompt Injection
      • ⚠️(WIP) Training Issues
      • 🎑(WIP) Multi-Modal LLM Application Security Testing
      • ✨(WIP) Resources
  • Random Research Area
    • What is this AREA?
    • Phishing with MS Office Docs
      • VSTO and Malicious Office Docs
    • Malware Analysis & Development
      • Malware Development
  • AppSecNotes
    • 3rd Party Recon with Javascript - Part1
    • DAV Methods and Old Features
    • API Security Notes
  • OSEP Preperation Notes
    • OSEP Journey Begin!
    • Basics and More
    • Payload Types (Staged vs. Non-Staged)
    • File Smuggling with HTML & JS
    • VBA Basics
    • Basic Phishing Macro Creation Tricks
  • Somethings and Past
    • HackTheBox Lab – Invite Code Write-Up
    • OSCP Yolculuğum
    • VulnHub – SkyTower CTF Walkthrough
    • Markdown Syntax
    • Web Uygulama Güvenliği Ve Güvenli Kod Geliştirme LYK-2014 Notlarım
    • Yalnızca Eğlenmek İçin
Powered by GitBook
On this page

Was this helpful?

  1. AppSecNotes

DAV Methods and Old Features

Previous3rd Party Recon with Javascript - Part1NextAPI Security Notes

Last updated 4 years ago

Was this helpful?

I found some misconfigurations in a bug bounty program. Then I learned some old features.

How can you connect to WebDAV? Probably, you use WebDAV tools like davtest, cadaver, etc. But, if you look carefully at the response of OPTIONS, you can see DAV Methods like PROPFIND, PROPPATCH. These methods are beneficial. If you can not connect with other tools, you can use these methods.

If you wonder DAV methods Recon capabilities, sensitive data exposure, and C2 usage, you can read at my medium.

LogoDAV Methods and Old FeaturesMedium