Collaborate Disseminate
there is PHP website and IIS web server, when I upload reverse shell to connect back to netcat listener or meterpreter it connects with username iis_met,but when I upload php shell that will just give me access to OS files through web brow… Continue reading IIS different user with reverse shell [closed]
SCENARIO:
web application which I think is affected by:
a self-xss in the profile section of a user.
logout CSRF
login CSRF
Below I described the test I did to check for the last 2 vulnerabilities, I’d appreciate an opinion about their c… Continue reading Is this test enough to proof that the web application is vulnerable to Login CSRF?
in a certain page I have a newsletter subscription form, where the user enters his e-mail address and then through PHP an authenticated e-mail is sent to myself with the user’s information (e-mail address he declared, IP address, Hostname,… Continue reading php / email / iis
I just got a message from a security guy that my application is executing remote code if they pass a Content-Type: image/asp. For now he does not disclose anything. Now my question is that if I am using ASP.NET 5 MVC application using IIS … Continue reading Content-Type and Code Execution
We have a private intranet site, created in vb.net running on Windows Server 2019. I want to use https, so a padlock displays in the browser rather than, "Not secured".
I can’t figure out how to validate a certificate and import … Continue reading How do you implement an SSL certificate for a private intranet site? [duplicate]
I ran a Qualys scan on my website and got a Slow HTTP POST vulnerability. In particular, server resets timeout after accepting request data from peer.
From what I understood from this finding, whenever a similar client restarts its connect… Continue reading Slow HTTP POST vulnerability in IIS 10
This question may be silly but I’ve a hard time understanding TLS 1.2 and accessing a website via HTTPS.
I’ve received a report from a web security tool that my website is not HTTPS and I have to enable TLS 1.2 on the server. As per my und… Continue reading TLS 1.2 and HTTPS
I have seen how to set length using web.config such as below
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<!– ~ 2GB –>
<httpRuntime maxRequestLength="21… Continue reading Limit Content Length at URL Level in for iis or on asp project [migrated]
We have to protect a database connection string for a .NET desktop application that has an application-level database user. One option is to encrypt a section of the app.config using asp_regiis. But then every user of the application needs… Continue reading An intranet web app for decrypting values : a bad idea, and if so, why?
We are creating a new web site and it’s using a CMS that will connect to a internal web service that will connect to a sql database. The cms will be in the DMZ and the web service will be in the protection network with the database. My que… Continue reading IIS CMS access web service