Netsparker identified that code execution via WebDAV. Netsparker successfully uploaded a file via
PUT method and then renamed this file via
MOVE method. When requesting the file, code is executed in the context of the web server. At the end of the attack, Netsparker tried to delete the file.