EH-Net
Show Posts
May 25, 2013, 09:28:39 PM

16
Ethical Hacking Discussions and Related Certifications / Web Applications / Some questions on php configuration leaks & future of web security/hacking
on: September 03, 2011, 05:50:31 AM

First let me post my question on PHP configuration leaks. I am a learner in web-application hacking. I have seen some sites leaking their PHP configurations; I had seen things like this:
http://www.target1.com/phpinfo.php
http://www.target1.com/php.ini
http://www.target1.com//htacess.txt

I just found these sites via Google dorks. Also, the web server is a shared web server, so the configuration leaks via one web site pose a danger to all the sites on it (almost 170 web sites). It made me think like this:
1.1) By leaking these sensitive PHP configurations, what kinds of dangers will the web server face?
1.2) Do you rate this as a major bug or a minor bug?
1.3) Also, by having these sensitive configurations, is it possible for an attacker to gain a shell on the web server?
1.4) I have read that most of the security configuration has been placed in this .htaccess file; is it possible for the attacker to attack/modify the .htaccess configuration?
1.5) What are the possible attacks that can be done on a .htaccess file?

2) I have started thinking about the future of web-application hacking, because after seeing some things it made me think like this. I am just a beginner in web-application security/hacking; I have started to read about many, many types of web-application attacks, especially from the OWASP site and some other sites. And I checked sites like 1337day and exploit-db and some other exploit sites for those vulnerabilities: say HTTP response splitting, the last exploit was published 1 year ago; say RFI/LFI bugs, the last exploit was published 3-4 months ago. It seems RFI/LFI is dying fast; I think it will disappear soon. The types of exploits we are actively seeing are XSS, SQLi, file upload bugs, RCE, command injection, CSRF and a few others. Also I have started to hear that the same will happen to SQLi and XSS in a very few years. Nowadays it seems the standard of making web applications/web development is becoming higher and they are making hackers' jobs tougher.
2.1) What do you guys feel about this?
2.2) Do you think XSS and SQLi will die or will become an uncommon type of exploit (i.e. like the XST attack of today) in a few years?
2.3) Do you think any new breed of attacks will be born in the coming future?
2.4) And as a beginner in web-app hacking/security this has really started to worry me. How can I prepare myself so that I can overcome these challenges in my future, in order to have a good and successful career in web-application security/hacking?

17
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: help needed in retrieving the uploaded shell
on: September 03, 2011, 05:24:04 AM

> If the application is renaming what you upload to <random number>.jpg, the web server isn't going to execute that as a .jsp file.
> Also, Metasploit has a module for working with those unsafe HTTP methods: http://www.metasploit.com/modules/auxiliary/scanner/http/writable

Thanks "dynamik", I got your point. So even if we upload the file with a name like evil.jsp.%%.jpg, it won't get executed as a JSP file, so there is no point in bypassing the filters, it seems.

18
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: How does reverse ip domain check up tool works?
on: August 30, 2011, 09:32:23 PM

> If that's a specific tool name, I haven't used it. I'm assuming, however, that it does reverse lookups against DNS name servers, to get all hosts resolving to the given IP, or IP's in the address range of the host.

I have been talking about this tool, hayabusa: http://www.yougetsignal.com/tools/web-sites-on-web-server/

> I often run python and bash scripts to do the same, querying name servers for a given domain, then reverse-resolving the IP's for their assigned blocks, against the name servers. (So yes to #1, you could do it, for yourself, without a pre-canned tool / manually)

I would like to see such scripts/code. Do you have any publicly available scripts? Got any?

> #2 - sure you can trust it. Worst case, they're webservers. Once you get their hostnames, visit them, to confirm.
> #3 - again, reverse name resolution from the name servers

We have been speaking about reverse DNS lookup and all for finding them, but they had mentioned this: "Data is gathered from search engine results, which are not guaranteed to be complete."
That is why I had asked about the accuracy of the results. I think they are doing a simple thing in a very complex manner; maybe there should be some reasons...

> It's one of the MANY things you MIGHT do, during OSCP study (as well as in live pentesting...)

Thanks for the hint.

> There will of course, in most cases even be a reverse DNS record (PTR, which means Pointer most likely), which uses the IP-address and points to a hostname.
> Read up on what x.x.x.x.in-addr.arpa addresses are ;) (Pretty much not the direct answer you were looking for, but valuable information.)

Yes maxe, it is not the direct answer I am looking for; maybe I should dig into this a lot deeper... By the way, if you have got any simple public scripts for this, pass them here.

19
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / How does reverse ip domain check up tool works?
on: August 30, 2011, 11:51:24 AM

I am sure most of the pen-testers here have used this tool "reverse IP domain check-up" (i.e. when we enter the IP address or one of the web sites' names, it displays the names of all the web sites hosted on that IP address). I have been trying to understand the working logic behind this, but unfortunately I couldn't find it. I just want to know the working logic of this tool. As usual I have got some questions regarding this:
1) Is it possible for us to determine the number of web sites running on a web server manually? If yes, how?
2) To what level can we trust this information?
3) How does this thing work?
Hope I will know the working logic soon.
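How the lookup asked about in this thread can be done by hand, as an added example that is not part of the original posts and not the yougetsignal tool's code. It uses only the Python standard library; `reverse_name`, `hosts_sharing_ip` and the documentation addresses (192.0.2.x, 2001:db8::) are constructed for the demo. It also goes one step past the thread: a pure-DNS reverse lookup returns the PTR name for an address (usually one, usually the hosting box's own name), so the other name-based virtual hosts sharing that IP do not show up in DNS at all, which is why the tool's own note says its data comes from search-engine results. The last function is the forward-lookup check hayabusa suggests for confirming such a list.

```python
"""Reverse-IP lookup by hand: what DNS can and cannot tell you about the
sites on one address.  Added example, not code from the thread or from
yougetsignal; the hostnames and addresses used below are documentation
values, not real targets."""
import ipaddress
import socket
import sys


def reverse_name(ip):
    """Build the owner name whose PTR record names the host at `ip`.

    IPv4: octets reversed under in-addr.arpa, e.g. 10.2.0.192.in-addr.arpa.
    IPv6: every hex nibble of the fully expanded address reversed under
    ip6.arpa.  (ipaddress.ip_address(ip).reverse_pointer does the same;
    it is written out here to show the construction.)
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")        # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def forward_lookup(hostname):
    """Every A/AAAA address the resolver returns for `hostname`."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def reverse_lookup(ip):
    """The PTR name the resolver returns for `ip`, or None if it has none.

    This is the limit of pure DNS: an address normally carries one PTR,
    usually the hosting box's own name, so the name-based virtual hosts
    sharing that address are invisible here.  That is why reverse-IP
    services fall back on search-engine data.
    """
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def hosts_sharing_ip(candidates, ip, resolve=forward_lookup):
    """Keep the candidate hostnames that currently resolve to `ip`.

    Use this to verify what a reverse-IP service claims: the service gives
    you names, a forward lookup proves they still point at the box.
    `resolve` is injectable so the logic can run without the network.
    """
    shared = []
    for host in candidates:
        try:
            if ip in resolve(host):
                shared.append(host)
        except socket.gaierror:
            pass            # candidate does not resolve at all
    return shared


if __name__ == "__main__":
    # usage: python reverse_ip.py target.example [candidate-host ...]
    target, *candidates = sys.argv[1:] or ["example.com"]
    for ip in forward_lookup(target):
        print(ip, "->", reverse_name(ip), "->", reverse_lookup(ip))
        if candidates:
            print("  also on this IP:", hosts_sharing_ip(candidates, ip))
```

Running it against a real domain with a few candidate names from a search-engine result list reproduces, by hand, exactly the two halves of the tool: DNS for the address and its PTR, and forward resolution of candidate names to confirm which ones really share the address.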

20
Ethical Hacking Discussions and Related Certifications / Web Applications / help needed in retrieving the uploaded shell
on: August 26, 2011, 02:10:07 AM

Hi guys, I have been learning some basic web-application exploitation these days. Today I have been trying the basic exploitation, i.e. exploiting arbitrary file uploads. I have been practicing this on my friend's JSP web site running with Apache-Coyote/1.1. I had successfully uploaded the shell with a file name like this: commander.jsp.%%.jpeg
But when I tried to retrieve the shell after uploading, I am getting an error like this: The image "http://target.com/state/userregistrationimages/previewtemp/photo-1314340617178.jpg" cannot be displayed, because it contains errors.
Also the web server supports the following HTTP methods, "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS", when I check with some tools. I would like to retrieve my uploaded shell; is it possible to do that? Any suggestions/advice please?
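Why the renamed upload did not come back as a shell, and what a hardened upload handler does instead, as an added example that is not from the thread or from the target site. The JSP "shell" here is an inert marker string and the JPEG is a hand-built byte string, both constructed for the demo; `extension_allowed`, `sniff_image_type` and `store_upload` are assumptions about the two policies, not the site's code.

```python
"""Why the renamed upload is not a shell, and what a safe upload handler
does instead.  Added example, not code from the thread; the sample
uploads are constructed byte strings and the 'shell' is an inert marker."""
import os
import secrets
import tempfile

# Magic bytes of the image formats the handler is willing to keep.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def sniff_image_type(data):
    """Format name whose signature starts `data`, or None."""
    for fmt, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def extension_allowed(client_filename):
    """The weak filter many uploaders use: only the last extension counts.
    'commander.jsp.%%.jpeg' passes it.  Kept as the 'before' policy."""
    return client_filename.lower().rsplit(".", 1)[-1] in ("jpg", "jpeg", "png", "gif")


def store_upload(client_filename, data, upload_dir):
    """Hardened policy: decide by content, never reuse the client's name,
    derive the extension from the bytes, return the server-chosen name.
    Raises ValueError when the bytes are not an image."""
    fmt = sniff_image_type(data)
    if fmt is None:
        raise ValueError(f"rejected {client_filename!r}: content is not an image")
    stored_name = f"photo-{secrets.token_hex(8)}.{fmt}"
    with open(os.path.join(upload_dir, stored_name), "wb") as fh:
        fh.write(data)
    return stored_name


# Constructed inputs.  The 'JSP' is a marker string, not a working shell;
# the JPEG is the SOI marker, a little padding and the EOI marker.
JSP_MARKER = b'<%@ page language="java" %> marker only'
TINY_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + b"\xff\xd9"


def demo(upload_dir=None):
    """Run both policies over the two samples and report what happened."""
    upload_dir = upload_dir or tempfile.mkdtemp(prefix="uploads-")
    report = {"weak_filter_accepts_jsp_name": extension_allowed("commander.jsp.%%.jpeg")}
    try:
        store_upload("commander.jsp.%%.jpeg", JSP_MARKER, upload_dir)
        report["hardened_stored_jsp"] = True
    except ValueError:
        report["hardened_stored_jsp"] = False
    name = store_upload("commander.jsp.%%.jpeg", TINY_JPEG, upload_dir)
    report["hardened_name_for_real_image"] = name
    report["client_name_reused"] = "jsp" in name
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rename to photo-<number>.jpg is what defeated the upload in the thread: a servlet container only hands .jsp paths to the JSP engine, so whatever bytes were stored under a .jpg name are served as a static file, which is why the browser reported a broken image. Content sniffing is a second layer, not a replacement: a file that starts with a valid JPEG header and carries JSP text after it passes `sniff_image_type`, so the server-chosen name and a storage location outside any executable path remain the controls that matter, and re-encoding the image strips such trailers.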

21
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: HTTP Response Splitting - How common?
on: August 24, 2011, 06:01:16 AM

Hi maxe, after seeing your post I started to research this vulnerability, and I can say proudly to you "IT IS STILL ALIVE". As you have said you didn't see this on a live web site, here we go: http://www.exploit-db.com/exploits/11211/
It is an old one; I am sure it has been patched now, but it is nice to see its presence. Also go here: http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-15944/Apache-Http-Server-2.0.52.html
Look at the 20th one; they mention "HTTP Request Smuggling", which looks similar to the attack type you had mentioned. TBH, as I am not an expert in this, I would like to ask some questions on this: Are HTTP request smuggling and HTTP response splitting the same thing? And reading your post, and my recent interest in HTTP headers, methods and the attacks related to them, made me curious to know in depth about the threats faced by a server when it enables methods like HEAD, OPTIONS etc. Do you have any interesting documents to feed my thoughts? If you have any please feed me, I'm hungry maxe. And it seems I touched an old dusty question, cough, cough.
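The header injection this thread is about, as an added worked example that is not part of the original post or of the linked advisory: a redirect handler that copies a user-controlled value into a Location header, the split response a downstream parser then sees, and the one-line fix. The function names (`vulnerable_redirect`, `safe_redirect`, `split_responses`) and the injected payload are constructed for the demo. On the question in the post: response splitting is injection of CR/LF into one server's response headers, so one response becomes two; request smuggling is a different bug, a disagreement between two HTTP parsers (say a front-end proxy and the back-end) about where one request ends and the next begins.

```python
"""HTTP response splitting: naive redirect vs. hardened redirect.
Added example, not code from the forum thread; every name and payload
below is constructed for the demonstration."""

CRLF = "\r\n"


def vulnerable_redirect(target):
    """'Before': the user-supplied target is concatenated straight into the
    header block, so any CR/LF in it ends the header and starts new ones."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def is_safe_header_value(value):
    """A header value must not contain CR or LF (RFC 7230 forbids them).
    This is the whole check the vulnerable handler is missing."""
    return "\r" not in value and "\n" not in value


def safe_redirect(target):
    """'After': refuse rather than emit a header containing a line break."""
    if not is_safe_header_value(target):
        raise ValueError("refusing CR/LF in Location header value")
    return vulnerable_redirect(target)


def split_responses(raw):
    """Parse a response stream the way a cache or browser would: status
    line, headers, then a body of exactly Content-Length characters.
    Returns one (status_line, headers, body) tuple per message.  Parsing
    stops at the first thing that is not a status line, which is where
    the left-over tail of the original response ends up."""
    messages = []
    rest = raw
    while rest:
        head, sep, rest = rest.partition(CRLF + CRLF)
        lines = head.split(CRLF)
        if not sep or not lines[0].startswith("HTTP/"):
            break
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        messages.append((lines[0], headers, body))
    return messages


# Constructed attacker input: a legitimate-looking target followed by a
# complete second response that the attacker controls.
INJECTED_TARGET = (
    "http://example.com/" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 17" + CRLF
    + CRLF
    + "<h1>attacker</h1>"
)


def demo():
    """Messages a downstream parser extracts from the vulnerable handler's
    output for the injected target: two instead of one."""
    return split_responses(vulnerable_redirect(INJECTED_TARGET))


if __name__ == "__main__":
    for status, _, body in demo():
        print(status, repr(body))
    try:
        safe_redirect(INJECTED_TARGET)
    except ValueError as err:
        print("hardened handler:", err)
```

The second message is the one a shared cache would store under whatever URL it asked for next on that connection, which is the cache-poisoning use of the bug; the fix is the same whether the framework raises on CR/LF (as modern ones do) or percent-encodes the value.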

22
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: cross site tracing exploitation
on: August 23, 2011, 07:50:18 PM

> It's just like non-persistent XSS, except it isn't a GET or POST request; instead it's the TRACE protocol, which returns any headers sent to the server by default if enabled, as this is how the TRACE protocol is meant to work. (It is recommended to have it disabled anyway.)
> In other words: No, the script is just echoed back from the server and is NOT stored.

Thanks for the explanation maxe, I got it.

23
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How to find the various http methods supported by a web-server MANUALLY ?
on: August 23, 2011, 07:48:07 PM

> You can also use these tools to play with: HTTP Options: http://attacks.intern0t.net/htopt/ TRACE: http://attacks.intern0t.net/xstrace/
> In short, "htopt" simply sends the "OPTIONS" header for you, and keep in mind that not all servers include this feature (request / function) for an unknown reason.
> The "xstrace" program / tool acts as a proxy between you and the target, so you can perform TRACE requests and see the result without an intercepting proxy or another tool.

I have been actively following you maxe; I have already been trying those tools from intern0t, very simple to use... And at last I had found it, maxe, but this is the only question for which I still couldn't find a firm answer:
5) Also I would like to know, how does a web site explicitly check for GET or POST methods? Also how can we identify this manually? Or in other words, when we are sending a request with a "Y" HTTP method to the server instead of the "X" HTTP method expected by the server, how will a web server explicitly check for this? Also, if the server allows a "Y" method instead of the "X" method (which is actually expected by the server), does it pose any serious threat to the web server?

> Keep in mind, also, that the OPTION header can lie. I never trust its output and always verify things manually. I've been lied to too many times to count. Just wanted to add that tidbit.

Thanks for the information "Grendel", I'll keep this in mind....

26
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: cross site tracing exploitation
on: August 22, 2011, 10:56:01 AM

I had some doubts maxe. You have said that when a web site has the HTTP TRACE method enabled and the attacker sends anything, it will be echoed back:
Code:
TRACE / HTTP/1.0
Host: target.tld
Custom-header: <script>alert(0)</script>

But my doubt is the following: the script <script>alert(0)</script> which we are sending, will it get executed on the web server? Or is it just echoed back from the web server without being executed?

27
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How to find the various http methods supported by a web-server MANUALLY ?
on: August 22, 2011, 02:33:55 AM

> #1 can be found in the black box testing and example section of the link you posted. The OPTIONS method will need to be enabled on the server for it to reply back with the methods that are enabled.

I tried netcatting to the ports on some sites, but I didn't get the list of methods being supported by the web servers; also, as you said, it seems the OPTIONS method is disabled on those servers. Also I had seen that some tools like Acunetix display what kinds of methods are enabled/supported on a web server; how can we find this manually, sir? Still looking for answers.

28
Ethical Hacking Discussions and Related Certifications / Web Applications / How to find the various http methods supported by a web-server MANUALLY ?
on: August 21, 2011, 11:41:34 PM

I have been reading some interesting articles regarding hacking servers with HTTP methods. I found it interesting. As far as my knowledge went, I had heard there were only 8 HTTP methods, but after reading this page (pardon me, I am a beginner to this web-sec) https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
I found it really interesting; they mention the usage of arbitrary HTTP methods, so it made me interested. Here are my questions:
1) How can I MANUALLY find what HTTP methods are being supported by a web server? I tried netcatting to the ports on some sites, but I didn't get the list of methods being supported by the web servers. How can I find this manually? Because I do know that tools like Acunetix and some other tools can do it, but I do want to do it manually so that I can get some knowledge about how it is being done.
2) Can you guys please explain to me from your experience about arbitrary HTTP methods? I thought there were only 8 methods in HTTP. I never heard about these, so I thought it would be nice to ask you guys.
3) Is it possible to compromise a web server with an UNKNOWN HTTP method, or using an HTTP method other than the 8 traditional methods?
4) First, how does a web server support the usage of HTTP methods other than the 8 methods specified in the RFC? Can anyone explain this to me?
5) Also I would like to know, how does a web site explicitly check for GET or POST methods? Also how can we identify this manually?
Sorry guys, I think I have asked too many questions, but as I don't have deep knowledge about these things, I thought it would be better to ask here. Hope my doubts will get cleared...
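One way to answer question 1 by hand, and to see the TRACE echo asked about in the cross-site tracing thread, as an added example that is not from these posts or from the intern0t tools: a client that sends each request over a plain socket (the netcat approach) and a small constructed demo server, `LyingHandler`, that behaves the way Grendel warns about, advertising an incomplete Allow list in its OPTIONS reply while still accepting PUT and TRACE. The client functions take any host and port; everything about the server (its name, its method set, the loopback port) is an assumption for the demo. It also distinguishes the three answers a server can give to a method it did not advertise: 501 when it has no handler at all, 405 when it knows the method but refuses it on that resource, and 2xx when it simply worked.

```python
"""Find a server's HTTP methods by hand, and treat OPTIONS as a hint only.
Added example, not code from the thread or from the intern0t tools; the
demo server below is constructed and deliberately misleading."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PROBE_METHODS = ("GET", "POST", "PUT", "DELETE", "TRACE", "OPTIONS", "FOOBAR")


def raw_request(host, port, method, path="/", extra_headers=()):
    """One request over a plain TCP socket, exactly what you would type into
    nc; returns (status_code, {header: value}, body)."""
    req = f"{method} {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n"
    for name, value in extra_headers:
        req += f"{name}: {value}\r\n"
    req += "\r\n"
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(req.encode("ascii"))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    head, _, body = b"".join(chunks).decode("latin-1").partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body


def advertised_methods(host, port):
    """What the server claims via OPTIONS; empty if it sends no Allow header."""
    status, headers, _ = raw_request(host, port, "OPTIONS")
    if status != 200 or "allow" not in headers:
        return set()
    return {m.strip().upper() for m in headers["allow"].split(",")}


def probe_methods(host, port, methods=PROBE_METHODS):
    """Send every method regardless of what OPTIONS said and keep the real
    status: 501 = no handler at all, 405 = known but refused on this
    resource, 2xx = it worked.  Returns (advertised, {method: status})."""
    observed = {m: raw_request(host, port, m)[0] for m in methods}
    return advertised_methods(host, port), observed


def trace_echo(host, port, header_name, header_value):
    """TRACE reflects the request line and headers; the body comes back
    verbatim, nothing in it is interpreted by the server."""
    return raw_request(host, port, "TRACE", extra_headers=[(header_name, header_value)])[2]


class LyingHandler(BaseHTTPRequestHandler):
    """Constructed demo target: advertises fewer methods than it accepts."""

    def log_message(self, *args):          # keep the demo quiet
        pass

    def _reply(self, code, body=b"", **hdrs):
        self.send_response(code)
        for name, value in hdrs.items():
            self.send_header(name.replace("_", "-"), value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_OPTIONS(self):
        self._reply(200, Allow="GET, OPTIONS")          # PUT and TRACE left out on purpose

    def do_GET(self):
        self._reply(200, b"hello")

    def do_PUT(self):
        self._reply(201)                                 # accepted, never advertised

    def do_DELETE(self):
        self._reply(405, Allow="GET, OPTIONS")          # known method, refused here

    def do_TRACE(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self._reply(200, echo, Content_Type="message/http")
    # POST and FOOBAR have no handler, so BaseHTTPRequestHandler answers 501.


def start_demo_server():
    """Start LyingHandler on a random loopback port; returns (server, port)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), LyingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_demo_server()
    advertised, observed = probe_methods("127.0.0.1", port)
    print("OPTIONS claims:", sorted(advertised))
    for method, status in observed.items():
        hidden = 200 <= status < 300 and method not in advertised
        print(f"{method:8} {status}" + ("   <- works, not advertised" if hidden else ""))
    print(trace_echo("127.0.0.1", port, "X-Canary", "<script>alert(0)</script>"))
    server.shutdown()
```

Against a real host, call `probe_methods(host, 80)` and compare the two return values: any method with a 2xx status that is missing from the advertised set is exactly the case Grendel describes. The TRACE body printed at the end shows the answer to the cross-site tracing question as well: the `<script>` text comes back inside a message/http body, unchanged and unexecuted, and only becomes dangerous if a browser-side script reads that reflection.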

29
Ethical Hacking Discussions and Related Certifications / Other / [Student seeking advice]Got stucked,how should i begin my security carrier?
on: March 17, 2011, 08:45:40 PM

Well, I am just a final year B.Tech student. I have loved this computer field for the past 2-2.5 years. My studies are going to be over in the next 90 days. Like you, I too have a dream of getting a job in the security field, but I got stuck at choosing my path, so I thought it would be best to ask for some suggestions from the experienced members here. My ambition is to go into the IT security field (mostly I am interested in network security, and I have a lot of interest in web-application security), and I had decided not to be concerned about my salary in the first 1-2 years; I just need to learn and get experienced in my field. When I asked for some suggestions from some of my real-life friends they said: "Go and get a CCNA certification and then try to find a basic job like technical support in a company, and after working a while get into the network management team and work for some time (maybe 1-2 years), and after you have worked and earned some years of experience in the field, then you can try to get into the IT security field, because companies expect some kind of working experience beyond your certifications and skills." I am a bit confused here; I don't know how to begin my security career. I am caught in a dilemma; can I have some of your advice? Like me, many of today's security gurus were in this dilemma during their college days; I believe advice from experienced persons will surely help me choose my career.