Olá,
Hoje, com um pouco mais de experiência, resolvi fazer alguns scan's em alguns sites, na maioria deles contém as seguintes vulnerabilidades
>> Site alvo Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar... <<
---------------
Porta -> 80
Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
Description -> Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.
---------------
Porta -> 80
Web Servers : Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
Description -> The Apache mod_proxy module is prone to a denial-of-service vulnerability.A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
---------------
Porta -> 80
Description -> Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages.Web pages generated by the affected source code may be prone to a cross-site scripting issue.Versions prior to Apache 2.2.6 are affected.NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.
Oquê eu realmente quero saber é possível fazer algum tipo de invasão e/ou ataque com essas vulnerabilidades, Se for possível fazer algo, peço à vocês que me ajudem a fazer um ataque ou uma pequena invasão à este servidor.
Obrigado a todos,
Att,
Kn0wnOwner
Hoje, com um pouco mais de experiência, resolvi fazer alguns scan's em alguns sites, na maioria deles contém as seguintes vulnerabilidades
>> Site alvo Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar... <<
---------------
Porta -> 80
Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
Description -> Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.
---------------
Porta -> 80
Web Servers : Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
Description -> The Apache mod_proxy module is prone to a denial-of-service vulnerability.A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
---------------
Porta -> 80
Description -> Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages.Web pages generated by the affected source code may be prone to a cross-site scripting issue.Versions prior to Apache 2.2.6 are affected.NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems.
Oquê eu realmente quero saber é possível fazer algum tipo de invasão e/ou ataque com essas vulnerabilidades, Se for possível fazer algo, peço à vocês que me ajudem a fazer um ataque ou uma pequena invasão à este servidor.
Obrigado a todos,
Att,
Kn0wnOwner
Comment