Web Application

Posted by ghimau under
Att: alycia
Just now I did a very simple 'test' on that server, I found the directory listing is on. The interesting directories are :
/admin/
/server-status/
/server-info/

Both the server-* directories are only information disclosure vulnerabilites.
But the /admin/.. hmm.. looks interesting.

To do a complete pen-test, needs a lot of time, there's no a single silver bullet to 'hack'.

Last week, I found that the application is vulnerable to cookie-session injection attack. I told abg mazani, and give him the proper solution.

2 comments:

On 29 June 2007 at 13:35 , alycia said...

ye ke en hakes... takpe2 nnt saya discuss ngan abg mazani about that.. en hakes, leh tak tunjukkan screen shot apa yg en hakes nampak... saya bab2 security ni lemban ckit... but starting now i want to study about security and hakes..

anyway, thank :)

 
On 29 June 2007 at 15:13 , ghimau said...

nak screenshot? hmm.. nanti aku letakkan