Invicti identified that code execution via WebDAV. Invicti successfully uploaded a file via
PUT method and then renamed this file via
MOVE method. When requesting the file, code is executed in the context of the web server. At the end of the attack, Invicti tried to delete the file.