Collaborate Disseminate
I have setup a local apache server with php module.I deployed a dvwa in my localmachinne..I am learning about XSS(DOM) type of attack.I setup the low level security in dvwa.When i added <script>alert()</script>
in the url i got… Continue reading Injecting script from outside for local machine url request
This question already has an answer here:
Server compromised for 2nd time, cannot locate source of attack
6 answers
Today I accidentally miss-typed a popular’s website domain, which led me to a malicious website. I realized immediately but before I had time to close the tab, I was surprised to be presented with the web app that I am runnin… Continue reading How did a malicious website managed to serve me the app that is running on my local apache server?
I have noticed our website, which is Wordpress based, gets frequent daily requests from other sites where the user agent is Wordpress and the other site is obviously an already hacked Wordpress installation.
In these entries… Continue reading How to identify malicious WordPress user agents
Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack. Continue reading Apache Solr Bug Gets Bumped Up to High Severity
Ubuntu 18.04
Apache/2.4.29
ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0
modsecurity-crs 3.0.2-1
This is a new server. The following message appears in modsec_audit.log in every entry:
I would like to set up OCSP multi stapling and I can not find a lot of documentation on it, or in any case, recent information.
I have a root certificate authority (CA) and a daughter CA below. Both work with Freeipa (and Fr… Continue reading OCSP multi stapling : how to enable it? Simple stapling is OK
I have taken a working HTTPS certificate from a server that I want to use on the same server, just on a different port. The certificate has a Subject Alternative Name defined in it. Using keytool, I generated a new keystore… Continue reading Using certificate on same server but different port for https
I am pentesting a PHP website running on Apache in a Ubuntu server.
I found a vulnerability that allows me to write files to the target system.
I know it’s possible to write a php shell to the HTTP root directory and get RCE… Continue reading Is it possible to gain RCE from Arbitrary file write by an unprivileged user?
In a LAMP environment is it possible for an upload to create a directory/folder and if so how to prevent it via PHP?