Questions tagged [webserver]
A system whose primary function is to deliver web pages on request to clients.
958
questions
0
votes
0
answers
38
views
Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]
I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it ...
1
vote
1
answer
83
views
Execution profile for web server
I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let's assume that someone has an (Apache) HTTP Server. ...
0
votes
1
answer
83
views
JSON array payload POC for CVE-2022-24999
I'm currently exploring if one legacy project is vulnerable to CVE-2022-24999
I found a very helpful GitHub repo with POCs
However, in my case, I need to check if a payload passed in a JSON body to a ...
1
vote
1
answer
65
views
Command Injection in URLs. Are response codes foolproof indicator of true/false positive?
Take this HTTP request as an example.
GET /directory/blahblah/ping%20interact.sh
Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server ...
0
votes
2
answers
74
views
Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?
I've found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?
5
votes
1
answer
892
views
What are the reasons for CORS failure errors to not be available to JS?
From Cross-Origin Resource Sharing (CORS) - HTTP | MDN:
CORS failures result in errors but for security reasons, specifics about the error are not available to JavaScript. All the code knows is that ...
0
votes
1
answer
76
views
Benefits of random responses to exceptions over generic error responses
Attackers can send requests with data that the server does not expect in order to try to get responses that reveal secret data. One common example is when the server experiences an exception. A poorly ...
1
vote
1
answer
108
views
Would monitoring for unusual process execution help identify intrusions on a web server?
I have a web server with each web application running as it's own machine level account.
The server only hosts the web applications, no other services, dbs, etc.
Apart from the web server processes, ...
2
votes
1
answer
625
views
Public client or Confidential client: should I generate a client secret?
I've read about this but I don't fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that ...
1
vote
1
answer
126
views
Are webservers's file serving safe against timing attacks?
Context
I've been recently looking at UUIDs (mostly v4) and their uses to maybe start using them in some of my apps. I started asking myself some question about security as one does. Then I fell on ...
0
votes
0
answers
101
views
Trying to generate TLS 1.3 Alert
I am trying to run tests on the TLS 1.3 protocol and I would like to generate alerts (as seen in TLS 1.2) that have a structure of the type ALERT:FATAL UNEXPECTED MESSAGE.
So far, I have tried to use ...
0
votes
1
answer
140
views
Detect invalid cert Android client if URL being redirected to a fake server [duplicate]
Here is the scenario:
Server A is an authentic server (A.com).
Server F is a fake server (F.com) that also has a valid cert for
F.com has a copy of A.com certificate to it (to fake as A.com).
Client ...
1
vote
0
answers
289
views
Which is safer - using the sql_conn Flutter package or using a web server as a middle layer for requests against a SQL Server database?
We are currently working on setting up new Android handheld devices (RF guns) to read/write to our SQL Server 2019 database and are at a fork in the road in deciding what to do. Both options below ...
0
votes
0
answers
118
views
Identify hosts that are serving specific metric on Shodan
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc..
Now let's say we know that there are entities on ...
1
vote
2
answers
184
views
How to prevent attacks on a personal webserver
I'm currently working on some modules on hackthebox. In that regard, I recently set up a web service: sudo python3 -m http.server 8080
When I did a wget to my server, it showed up in the log as usual, ...