All posts

one way web hacking (pretty old but useful for script kiddies)
One-way Web Hacking
Saumil Shah, saumil@net-square.com
8th December, 2003
"Necessity is the mother of invention"
Table of Contents
1.0 Introduction
1.1 Components of a generic web application system
1.2 URL mappings to the web application system
2.0 Flowchart for a one-way web hack
3.0 Finding the entry point
3.0.1 Exploiting URL parsing
3.0.2 Exploiting poorly validated input parameters
3.0.3 Ex..

Searching passwords by using searching tool google.com
Query | Description
inurl:/db/main.mdb | ASP-Nuke passwords
filetype:cfm "cfapplication name" password | ColdFusion source with potential passwords
filetype:pass pass intext:userid | dbman credentials
allinurl:auth_user_file.txt | DCForum user passwords
eggdrop filetype:user user | Eggdrop IRC user credentials
filetype:ini inurl:flashFXP.ini | FlashFXP FTP credentials
filetype:url +inurl:"ftp://" +inurl:"@" | FTP bookm..

Using the Metasploit Console to Launch Exploits
$ ./msfconsole
[msfconsole ASCII-art startup banner] ..

"Apache Killer" a DDoS using the Range HTTP Header
In 2007, a Google engineer, Michal Zalewski, published a memo detailing a potential vulnerability of both Apache and IIS Web Servers after investigating the HTTP/1.1 "Range" header implementation. He reported then: it is my impression that a lone, short request can be used to trick the server into firing gigabytes of bogus data into the void, regardless of the server file size, connection count,..