7May
How to exploit XSS and SQL injection via HTTP verb tampering?
I was reading a paper about 'HTTP verb tampering' here: https://blog.jeremiahgrossman.com/2008/06/what-you-need-to-know-about-http-verb.html
The author said:
- HTTP verb tampering is generally used in conjunction with syntactic (XSS, SQLi, etc.) and semantic (bypass authentication/authorization controls) attacks as way to bypass certain defense measures. Arshan’s work on implementation details focus on the semantic version.
Can anyone give me an example about how we can exploit an SQL injection and XSS via HTTP verb tampering?
I don't understand the next example in the same paper about this.
