Att: alycia
Just now I did a very simple 'test' on that server and found that directory listing is on. The interesting directories are:
/admin/
/server-status/
/server-info/
Both server-* directories are only information disclosure vulnerabilities.
But the /admin/.. hmm.. looks interesting.
Doing a complete pen-test needs a lot of time; there's no single silver bullet to 'hack'.
Last week I found that the application is vulnerable to a cookie/session injection attack. I told abg mazani and gave him the proper solution.
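The three findings above (directory listing, /server-status/ and /server-info/ reachable from outside) can be confirmed offline from saved responses. The checker below is an added example, not code from the post or its author; the HTTP responses it feeds on are constructed samples, and the markers it keys on (the "Index of" title of Apache's autoindex page, the "Apache Server Status" and "Apache Server Information" headings of mod_status and mod_info) are assumptions about the server's output, not something captured from the server in the post.

```python
"""Classify saved HTTP responses for the findings in the post: directory
listing, exposed mod_status and exposed mod_info. Added example, not from
the original post; all responses below are constructed."""
import re
from html.parser import HTMLParser

# Constructed sample responses keyed by request path: (status, body).
# Hostnames, IPs, file names and version string are made up.
SAMPLE_RESPONSES = {
    "/admin/": (200, """<html><head><title>Index of /admin</title></head><body>
<h1>Index of /admin</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="config.php.bak">config.php.bak</a></td></tr>
<tr><td><a href="users.sql">users.sql</a></td></tr>
</table></body></html>"""),
    "/server-status/": (200, """<html><head><title>Apache Status</title></head><body>
<h1>Apache Server Status for www.example.test</h1>
<dl><dt>Server Version: Apache/2.4 (Unix)</dt>
<dt>Total accesses: 1200 - Total Traffic: 3.1 MB</dt></dl>
<table><tr><td>GET /admin/users.sql HTTP/1.1</td><td>203.0.113.7</td></tr></table>
</body></html>"""),
    "/server-info/": (200, """<html><head><title>Apache Server Information</title></head><body>
<h1>Apache Server Information</h1>
<dl><dt><strong>Server Root:</strong> <tt>/etc/httpd</tt></dt></dl>
</body></html>"""),
    # A directory that is correctly locked down: no finding expected.
    "/images/": (403, "<html><head><title>403 Forbidden</title></head></html>"),
}


class _PageParser(HTMLParser):
    """Collect the <title> text and every <a href> target of a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def classify(path, status, body):
    """Return a finding dict for one response, or None if nothing is exposed."""
    if status != 200:
        return None
    page = _PageParser()
    page.feed(body)
    title = page.title.strip()

    if title.startswith("Index of "):
        # Apache autoindex: skip the sort links ("?C=...") and the parent link
        # (an absolute path); what remains are the listed file names.
        entries = [h for h in page.hrefs if not h.startswith(("?", "/"))]
        return {"finding": "directory_listing", "path": path, "entries": entries}

    if "Apache Server Status" in body:
        # mod_status leaks the version and the clients currently being served.
        version = re.search(r"Server Version:\s*([^<\n]+)", body)
        clients = sorted(set(re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", body)))
        return {"finding": "mod_status_exposed", "path": path,
                "server_version": version.group(1).strip() if version else None,
                "client_ips": clients}

    if "Apache Server Information" in body:
        # mod_info leaks build and configuration details such as ServerRoot.
        root = re.search(r"Server Root:</strong>\s*<tt>([^<]+)</tt>", body)
        return {"finding": "mod_info_exposed", "path": path,
                "server_root": root.group(1) if root else None}

    return None


def scan(responses):
    """Classify every (path -> (status, body)) pair and return the findings."""
    findings = []
    for path, (status, body) in responses.items():
        finding = classify(path, status, body)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_RESPONSES):
        print(f)
```

On a real engagement the bodies would come from saved `curl` output instead of the constructed dict. The directory listing is the one worth acting on first: the mod_status sample shows why, since its request table reveals which files under /admin/ clients are fetching. The usual fixes on the Apache side are `Options -Indexes` for the affected directories and `Require ip`/`Require local` on the `<Location>` blocks that set the `server-status` and `server-info` handlers, so they answer only to administrators.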
2 comments:
Is that so, Mr. hakes... It's okay, I'll discuss that with abg mazani later. Mr. hakes, could you show a screenshot of what you saw? I'm a bit slow when it comes to security... but starting now I want to study about security and hakes..
anyway, thanks :)
You want a screenshot? hmm.. I'll put one up later.