Description

This plugin finds .htaccess misconfigurations in the LIMIT configuration parameter. It is based on the paper "htaccess: bilbao method exposed" written by Frame and madjoker from kernelpanik.org. The idea of the technique (and of the plugin) is to exploit common misconfigurations of .htaccess files like this one:

    <LIMIT GET>
        require valid-user
    </LIMIT>

This configuration only requires authentication for GET requests: any other method (POST, for example) can be used by an unauthenticated user to reach the same resource, because the `require` directive is scoped to the methods named in the LIMIT block rather than to the directory as a whole.
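As an added example (not w3af's plugin code), the following Python script performs the same check from the server-side: it parses an .htaccess file and reports, for every Limit or LimitExcept block that carries an access-control directive, which common HTTP methods that block leaves without the requirement. The method list, the directive set and the two sample configurations are constructed for the example.

```python
import re

# Methods a typical Apache vhost will serve; the set is illustrative, not exhaustive.
COMMON_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
# Directives that express an access decision (mod_authz_core and legacy mod_access_compat).
ACCESS_DIRECTIVES = {"require", "order", "allow", "deny", "satisfy"}

_BLOCK_RE = re.compile(
    r"<(limit|limitexcept)\s+([^>]+)>(.*?)</(?:limit|limitexcept)>",
    re.IGNORECASE | re.DOTALL,
)


def find_partial_limits(htaccess_text):
    """Return one finding per <Limit>/<LimitExcept> block that carries an access
    directive, listing the methods the block leaves without that directive."""
    findings = []
    for container, method_list, body in _BLOCK_RE.findall(htaccess_text):
        directives = {
            line.split(None, 1)[0].lower()
            for line in body.splitlines()
            if line.strip() and not line.lstrip().startswith("#")
        }
        if not directives & ACCESS_DIRECTIVES:
            continue  # e.g. a <Limit> that only sets headers: not an auth scope
        listed = {m.upper() for m in method_list.split()}
        if "GET" in listed:
            listed.add("HEAD")  # Apache treats a listed GET as also covering HEAD
        if container.lower() == "limit":
            unprotected = [m for m in COMMON_METHODS if m not in listed]
        else:  # LimitExcept protects everything *except* the listed methods
            unprotected = [m for m in COMMON_METHODS if m in listed]
        findings.append({"container": container, "listed": sorted(listed),
                         "unprotected": unprotected})
    return findings


# Constructed samples: the misconfiguration from the paper, and a fix that scopes
# the requirement to the whole directory instead of to one method.
MISCONFIGURED = "<LIMIT GET>\n  require valid-user\n</LIMIT>\n"
FIXED = "AuthType Basic\nAuthName \"private\"\nrequire valid-user\n"

if __name__ == "__main__":
    for name, text in (("misconfigured", MISCONFIGURED), ("fixed", FIXED)):
        for f in find_partial_limits(text):
            print(f"{name}: <{f['container']} {' '.join(f['listed'])}> leaves "
                  f"{', '.join(f['unprotected'])} without an access requirement")
```

Run against the misconfigured sample it reports POST, PUT, DELETE, OPTIONS and PATCH as unprotected; the fixed sample, which places `require valid-user` outside any Limit block, produces no finding.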

Plugin type

Audit

Options

This plugin doesn't have any user-configurable options.

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code

Dependencies

This plugin has no dependencies.