wvu
commented
7 years ago Maybe you could post some console output or a screenshot?
Closed theyush closed 7 years ago
wvu
commented
7 years ago Maybe you could post some console output or a screenshot?
wvu
commented
7 years ago It's probably not vulnerable.
152 print_error("#{ip}: File doesn't seem to exist. The upload probably failed")
theyush
commented
7 years ago 
I tried to change the path as well but still same result.
wvu
commented
7 years ago Just because the method is allowed doesn't necessarily mean it'll work.
wvu
commented
7 years ago That looks like Nikto. "Trust but verify" applies to vuln scanners, too. I'd test with your favorite webapp tool (this could even be plain curl).
wvu
commented
7 years ago Judging by the Server header, maybe you should try something else? https://www.mdsec.co.uk/2016/10/building-an-iot-botnet-bsides-manchester-2016/
jmartin-tech
commented
7 years ago Closing as likely a false positive detection, an action being reported as available by a server does not mean it this particular vector is not mitigated in some way.
I found OSVDB 397 in our project and when I try to use the exploit it is showing an error that file doesn't seem to exists when using PUT action.