[WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering

Martin O'Neal martin.oneal at corsaire.com
Thu May 29 09:58:12 EDT 2008

> Not sure how you can question whether or not I know the RFC

I'm not questioning your familiarity with the RFC, I'm questioning your
assertion that "The HEAD-redirect-to-GET and arbitrary verbs being
forwarded to GET handler are the unique takeaways".

A web server working as per the RFC is a unique discovery worthy of a
paper in what way?


Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list