webserver – Page 2 – WindowsTechs.com

Execution profile for web server

Posted on May 19, 2024 by und3rd06012

I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let’s assume that someone has an (Apache) HTTP Server. What I am trying to do is to create pr… Continue reading Execution profile for web server→

JSON array payload POC for CVE-2022-24999

Posted on May 8, 2024 by cis

I’m currently exploring if one legacy project is vulnerable to CVE-2022-24999
I found a very helpful GitHub repo with POCs
However, in my case, I need to check if a payload passed in a JSON body to a POST request would get through. The rep… Continue reading JSON array payload POC for CVE-2022-24999→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Take this HTTP request as an example.
GET /directory/blahblah/ping%20interact.sh
Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server process this request and pings interac… Continue reading Command Injection in URLs. Are response codes foolproof indicator of true/false positive?→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?

Posted on April 7, 2024 by 0xdead 4f

I’ve found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?

Continue reading Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?→

What are the reasons for CORS failure errors to not be available to JS?

Posted on April 5, 2024 by Ooker

From Cross-Origin Resource Sharing (CORS) – HTTP | MDN:

CORS failures result in errors but for security reasons, specifics about the error are not available to JavaScript. All the code knows is that an error occurred. The only way to dete… Continue reading What are the reasons for CORS failure errors to not be available to JS?→

Benefits of random responses to exceptions over generic error responses

Posted on April 1, 2024 by n-l-i

Attackers can send requests with data that the server does not expect in order to try to get responses that reveal secret data. One common example is when the server experiences an exception. A poorly configured server might include a deta… Continue reading Benefits of random responses to exceptions over generic error responses→

Webserver Runs on Android Phone

Posted on March 28, 2024 by Bryan Cockfield

Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a …read more Continue reading Webserver Runs on Android Phone→

Does naming a folder index.php harden web server security? [closed]

Posted on March 27, 2024 by morgansbyers

In the root folder of the web server I created a folder named index.php
Does this harden the link security in the web browser?
For example, if a bad robot visited a site to spam index.php webpage will the bad robot stop because it found in… Continue reading Does naming a folder index.php harden web server security? [closed]→

How to prevent absolute path traversal in EasyPHP Webserver 14.1

Posted on February 23, 2024 by luminare

In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I… Continue reading How to prevent absolute path traversal in EasyPHP Webserver 14.1→