Hanno Böck
https://hboeck.de/
Twitter: @hanno
https://example.com/.git/config
https://github.com/internetwache/GitTools
vim wp-config.php
creates a temporary file .wp-config.php.swp
https://example.com/.wp-config.php.swp
https://example.com/wp-config.php~
https://example.com/dump.sql
https://example.com/example.com.key
<script type="text/javascript" src="https://example.org/fancy.js"></script>
Allow: ,GET,,,POST,OPTIONS,HEAD,,
Allow: POST,OPTIONS,,HEAD,:09:44 GMT
Allow: GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,, HEAD,,HEAD,,HEAD,,HEAD,POST,,HEAD,, HEAD,!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
Allow: GET,HEAD,OPTIONS,=write HTTP/1.0,HEAD,,HEAD,POST,,HEAD,TRACE
Optionsbleed was already discovered in 2014, but nobody noticed that it was a security problem.
One month after Heartbleed!
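A check an operator could run over Allow headers captured from their own servers, flagging values that are not a clean comma-separated list of HTTP method tokens, like the corrupted headers shown above. This is an added example, not code from the talk; the names check_allow and audit and the finding labels are assumptions, and the sample values are the header lines from the slide plus one constructed well-formed value.

```python
import re

# RFC 7230 "token" characters: the only bytes allowed in an HTTP method name.
METHOD_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def check_allow(value):
    """Return sorted finding labels for one Allow header value ([] = clean)."""
    findings, seen = set(), set()
    for element in value.split(","):
        element = element.strip()
        if not element:
            findings.add("empty-element")      # e.g. "GET,,POST" or a trailing comma
        elif not METHOD_TOKEN.fullmatch(element):
            findings.add("invalid-token")      # stray bytes that are not a method name
        elif element in seen:
            findings.add("duplicate-method")   # same method listed more than once
        seen.add(element)
    return sorted(findings)

# Header values as shown on the slide above, plus one constructed clean value.
SAMPLES = [
    ",GET,,,POST,OPTIONS,HEAD,,",
    "POST,OPTIONS,,HEAD,:09:44 GMT",
    'GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,, HEAD,,HEAD,,HEAD,,HEAD,POST,,HEAD,, HEAD,'
    '!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"',
    "GET,HEAD,OPTIONS,=write HTTP/1.0,HEAD,,HEAD,POST,,HEAD,TRACE",
    "GET,HEAD,POST,OPTIONS",
]

def audit(values):
    """Map each suspicious header value to its findings; clean values are omitted."""
    return {v: f for v in values if (f := check_allow(v))}

if __name__ == "__main__":
    for value, findings in audit(SAMPLES).items():
        print(f"{', '.join(findings):<50} Allow: {value[:60]}")
```

An empty or duplicate element alone only marks the header as malformed; free-form text such as a date fragment or HTML is the stronger sign that unrelated memory ended up in the response.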