How To Delete Files Of A Website
There is a way to delete files of a website with the help of the http [hyper text transfer protocol] but this security hole is mostelyclosed, this hole is caused by stupid administrators which can't configure there apache or iis or any other http server
4-1-1 - HTTP
The http exists since 1990, before this time the internet was used to make a file exchange with the ftp or to get in mailboxes where you can write messages or many other things, with the http and html [hyper text mark language] the www_clients like netscape or ie can interprete this hyper text to display informations or other things like you know, but what the user can't see when he uses such a client that the http follows also the request_answer_play, the client requests informations with a special command, which i will explain beside others later, and the http server answers with the requested informations, this requests or answers are http messages which could be simple_request or simple_response or full_request or full_response, the simple http_messages based on http/0.9 and the full messages on http/1.0, but the difference between this messages is very small, except the one of html/0.9 and html/1.0
1 - get [address], the address is the whole like http://www.target.com/index.html this command requests the informations [the code] in this file and if the file is a cgi it have to be executed and the produced informations will be send to client the difference between this simple_request and the full_request is that the full_request ends with http/1.0 like this : [get http://www.target.com/index.html http/1.0]
2 - head [addy], it have to be a complete addy too, the small difference between this command and the get command is that this command only meta_tags and the other informations in the title tag
3 - post [addy], this is used for bigger data it is mostley used for data which have to be send to a program
4 - put [addy], with put you send data to the server like html documents and this data is saved under the addy
5 - delete [addy], this is the opposite of put so it deletes the data which you have specified with the addy
4-1 - How To Delete Files Of A Website
With your instinct you have discovered that there is a security hole, the http protocol today is used in combinition with the ftp, so that means ftp is used by webmasters to upload their files and http is used by the client to resolve these site, but in former times concrete, at the development of the http the developers aimed to make it easier to upload files, so not with the ftp and that means without a special ftp-client, so they created a command to upload and delete files on a webserver, but the problem is that the http didn't use an authentication but ftp does, so that means that the most administrators disabled these commands to shut a security hole, but there are not only experienced admins out there but stupid too, so there is still such a hole which waits to be used, how ever telnet is an excellent simple tool, so if you want to use this security hole connect to the destination hostname or ip [you can use a hostname because dns will be used to resolve the ip] on port 80, i have showed you guys how to do it, when the connection is established you can use the commands which are discribed.
*USE AT YOUR OWN RISK*
No comments:
Post a Comment