Bug Report On Apple Shopping

NIKHIL KUMAR GANDLA
2 min read · Feb 2, 2021

Target:

· https://www.apple.com/in/shop

Description:

· Insecure HTTP methods other than GET and POST are enabled on the web server. The Hypertext Transfer Protocol (HTTP), as outlined in RFC 2616, makes eight methods available to web servers. These methods provide additional functionality that an attacker can use to conduct further attacks against the environment and its users.

Custom Description:

· The following HTTP methods are allowed on the webserver: [Insert pages/parameters].

Proof of Concept:

· Captured the request in Burp Suite.

· Forwarded the request to Repeater.

· Checked the response.

· Found that insecure HTTP methods are enabled.

Impact:

· Although insecure HTTP methods give web applications additional functionality, attackers can leverage them in order to exploit the application. An attacker may be able to upload files such as malware or a web shell to the server (PUT), delete application files in order to deface the application or cause a denial of service (DELETE), use the web server as a proxy in order to attack third-party sites (CONNECT), or conduct cross-site tracing attacks (TRACE).

Risk Rating:

· Likelihood — Low.

· Impact — Medium.

· Overall Risk — Low.

Remediation:

· Only enable the HTTP methods on the web server that are necessary for the application to function properly. Use GET and POST for all requests where possible. If additional HTTP methods are needed, enable them only for the specific resources that require them instead of site-wide, and ensure that proper authorization rules are in place to prevent users from maliciously using these methods.
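A concrete form of this remediation, written here as an added example (it is not part of the original report or of the target's configuration): a Python WSGI middleware that allows only GET, HEAD and POST site-wide, enables PUT under one path prefix, refuses TRACE outright, and requires an authorization hook before any extra method reaches the application. The `/api/uploads/` prefix, the `X-Role` header and the `uploader` role are constructed assumptions standing in for a real route and session check.

```python
SITE_WIDE = {"GET", "HEAD", "POST"}  # the only methods allowed everywhere

class MethodAllowList:
    def __init__(self, app, extra=None, authorize=None):
        self.app = app
        self.extra = extra or {}  # {path_prefix: {methods}} enabled under that prefix only
        # authorize(environ, method) must return True before an extra method
        # reaches the application; the default denies everything
        self.authorize = authorize or (lambda environ, method: False)

    def allowed_for(self, path):
        allowed = set(SITE_WIDE)
        for prefix, methods in self.extra.items():
            if path.startswith(prefix):
                allowed |= methods
        return allowed

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        allowed = self.allowed_for(environ.get("PATH_INFO", "/"))
        if method == "TRACE" or method not in allowed:  # TRACE is never allowed
            start_response("405 Method Not Allowed",
                           [("Allow", ", ".join(sorted(allowed)))])
            return [b"method not allowed\n"]
        if method not in SITE_WIDE and not self.authorize(environ, method):
            start_response("403 Forbidden", [])  # extra method, caller not authorized
            return [b"forbidden\n"]
        return self.app(environ, start_response)

def _inner_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def _is_uploader(environ, method):
    # Stand-in for a real session/role check (constructed assumption).
    return environ.get("HTTP_X_ROLE") == "uploader"

# Constructed deployment: PUT only under /api/uploads/ and only for uploaders.
app = MethodAllowList(_inner_app, extra={"/api/uploads/": {"PUT"}},
                      authorize=_is_uploader)

def probe(method, path, role=None):  # -> (status line, Allow header)
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if role:
        environ["HTTP_X_ROLE"] = role
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["allow"] = status, dict(headers).get("Allow")
    b"".join(app(environ, start_response))
    return seen["status"], seen["allow"]
```

The 405 response carries an `Allow` header listing exactly the methods permitted for that path, so a scanner run against the hardened server reports the allow-list rather than the eight RFC 2616 methods.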

Reference:

· https://owasp.org/www-project-web-security-testing-guide/

· https://tools.ietf.org/html/rfc2616
