✔️ Ability to exploit a misconfigured web server
✔️ Attacks can be used against embedded devices
✔️ Ability to create a custom PHP shell
Common HTTP methods:
GET → request a resource
Opening a simple webpage is a GET request in the browser
> GET /page.php HTTP/1.1
Host: www.example.site
Passing arguments with GET:
here we are passing "course=PTS" in the query string
> GET /page.php?course=PTS HTTP/1.1
Host: www.example.site
POST → submit HTML form data
POST parameters must be defined in the body of the request
> POST /page.php HTTP/1.1
Host: www.example.site

username=john&password=pass123
HEAD → asks for only the headers of the response, without the response body
> HEAD /page.php HTTP/1.1
Host: www.example.site
PUT → used to upload a file to the server
it can be a dangerous feature if allowed and/or misconfigured
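
Added example, not part of the original notes: a small Python parser for raw requests like the ones above. It shows where each method carries its parameters (query string for GET, body for POST) and flags the upload method (PUT) for review. The names `parse_request`, `REVIEW_METHODS` and `SAMPLES` are hypothetical, and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# The notes single out the upload method as dangerous if allowed or misconfigured.
REVIEW_METHODS = {"PUT"}

def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, headers and parameters."""
    # Headers and body are separated by one blank line.
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # GET-style arguments live in the query string of the request target.
    query = parse_qs(url.query, keep_blank_values=True)
    # POST form arguments live in the body, after the blank line.
    form = {}
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body, keep_blank_values=True)
    return {"method": method, "path": url.path, "host": headers.get("host"),
            "query": query, "form": form, "body_bytes": len(body.encode()),
            "needs_review": method in REVIEW_METHODS}

# Constructed sample requests, modelled on the ones in the notes.
SAMPLES = [
    "GET /page.php?course=PTS HTTP/1.1\r\nHost: www.example.site\r\n\r\n",
    "POST /page.php HTTP/1.1\r\nHost: www.example.site\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 30\r\n\r\nusername=john&password=pass123",
    "HEAD /page.php HTTP/1.1\r\nHost: www.example.site\r\n\r\n",
    "PUT /notes.txt HTTP/1.1\r\nHost: www.example.site\r\n"
    "Content-Length: 5\r\n\r\nhello",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        r = parse_request(raw)
        flag = "REVIEW" if r["needs_review"] else "ok"
        print(r["method"], r["path"], r["query"], r["form"], flag)
```

Run over proxy or server logs, the same split makes it easy to see credentials sent in a query string instead of a body, or upload requests reaching hosts that should not accept them.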