I am a learner in web-application hacking.
I have seen some sites leaking their PHP configurations; I had seen something like this.
I just found these sites via Google dorks. Also, the web-server is a shared web-server; the configuration leak via one web-site poses a danger to all the sites (almost 170 web-sites on it).
It made me think like this:
1.1) By leaking these sensitive PHP configurations, what kind of dangers will the web-server face?
1.2) Do you rate this as a major bug or a minor bug?
1.3) Also, by having these sensitive configurations, is it possible for an attacker to gain a shell on the web-server?
1.4) I have read that most of the security configurations are placed in the .htaccess file. Is it possible for the attacker to attack/modify the .htaccess configuration?
1.5) What are the possible attacks that can be done on a .htaccess file?
I have started thinking about the future of web-application hacking, because after seeing some things it made me think like this:
I am just a beginner in web-application security/hacking. I have started to read about many types of web-application attacks, especially from the OWASP site and some other sites.
And I checked sites like 1337day and exploit-db and some other exploit sites for those vulnerabilities.
Say HTTP response splitting: the last exploit was published 1 year ago.
Say RFI/LFI bugs: the last exploit was published 3-4 months ago.
It seems RFI/LFI is dying fast; I think it will disappear soon.
The types of exploits we are actively seeing are XSS, SQLi, file upload bugs, RCE, command injection, CSRF and a few others.
Also, I have started to hear that the same will happen to SQLi and XSS in a very few years.
Nowadays it seems the standard of making web-applications/web-development is becoming higher, and they are making the hacker's job tougher.
2.1) What do you guys feel about this?
2.2) Do you think XSS and SQLi will die or become an uncommon type of exploit (i.e. like the XST attack of today) in the next few years?
2.3) Do you think any new breed of attacks will be born in the future?
2.4) And as a beginner in web-app hacking/security, this has really started to worry me. How can I prepare myself so that I can overcome these challenges in the future in order to have a good and successful career in web-application security/hacking?