Use curl to determine whether the website opens the insecure HTTP method
Use the curl command to test:
curl -v -X OPTIONS http://www.xxx.com/
View response Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Generally we think that it is not safe to use put, delete, trace and other methods
————————————————————————————————
Create a website Page, use curl command to judge whether it can be uploaded
curl -v -T 1.html http://www.xxxx.com/1.html
————————————————————————————————
Find an existing page, such as 2.html
curl -X DELETE http://www.xxx.com/2.html
Find a page for deletion test.
If the deletion is successful, the attack is effective.