forked from iamfuntime/security-cheatsheets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
webservervulns
15 lines (11 loc) · 969 Bytes
/
webservervulns
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# angela <angelaevans>
#Sample Files
Since web servers are hard to make from the ground up, sample files are often in the distributions, and the knowledge of these sample files can provide openings.
#Source Code Disclosure
Allowing the source code to be viewed can make holes an files accessible if they can can be found referenced in the code.
#Canonicalization
Errors usually occur when the web server fails to fully carry out the law (that the root word for any URL/filename would be the same if it is for the same resource), and thus the web server will fail to recognize that a URL is associated with a file it addresses.
#Input Validation
Classic hacking technique, but it can lead to buffer overflows, integer errors, and heap exploits.
#Denial of Service
Attempting to waste server time to get a denial. For example, one can identify many strings that hash to the same location in an environment with a naive programming language hash table implementation.