DAV Methods and Old Features

I found some misconfigurations in a bug bounty program. Then I learned some old features.

How can you connect to WebDAV? Probably, you use WebDAV tools like davtest, cadaver, etc. But, if you look carefully at the response of OPTIONS, you can see DAV Methods like PROPFIND, PROPPATCH. These methods are beneficial. If you can not connect with other tools, you can use these methods.

If you wonder DAV methods Recon capabilities, sensitive data exposure, and C2 usage, you can read at my medium.

Previous3rd Party Recon with Javascript - Part1 NextAPI Security Notes

Last updated 3 years ago