62 questions
0 votes, 1 answer, 705 views
SQL injection error in Modsecurity logs in Plesk [closed]
I am receiving the following error for 1 of my WordPress sites running on a Plesk server.
[client 000.00.00.000] ModSecurity: Access denied with code 403 (phase
2). Pattern match "[\\\\[\\\\]\\\\...
1 vote, 0 answers, 445 views
How to use Python pwn tools to resolve a side channel case study
I am working on a class exercise that involves finding a password on a remote server. The goal is to use the Python pwn library.
When I access the server with nc IP port I get:
[0000014075] ...
0 votes, 0 answers, 310 views
My Node.js website was attacked. How do I analyze what happened?
I am new to web programming and I coded a Node.js website. I know C very well but not JS.
I recently changed the port forward to port 80 and it didn't take long before I was attacked. I saved the logs ...
0 votes, 1 answer, 194 views
Server attack while sending emails with link
I have a problem with a web server, that also sends newsletter emails with an unsubscribe link.
Every time such an email is sent out, the unsubscribe link is called directly. Because it could be 1000 ...
1 vote, 1 answer, 789 views
URL Vulnerabilities
I'm researching URLs that I'm building against the unique URL that google docs create once you select and send a URL to anyone.
My URL looks like: https://example.com/?doc=abcd123)
Should I encode ...
4 votes, 1 answer, 3k views
Is there a way in Google Cloud to block attempts to access specific URLs
I have a VM instance that receives a lot of spam/bot traffic attempting to hack the instance such as New Request to /blog/wp-includes/wlwmanifest.xml. Although none of these are successful it adds ...
0 votes, 0 answers, 233 views
How can I block on Nginx an attack like the code below?
The error shows up in error.log and the server suffers from multiple requests like this one.
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, ...
1 vote, 1 answer, 361 views
What are these POST-requests containing random URLs to my node server
For personal learning purposes I set up a small Express web server in Node.js and opened it up to the outside world. It only contains a single static page and no other additional endpoint.
...
-1 votes, 1 answer, 1k views
Apache log filled with Proxy errors
I have a website hosted on AWS; recently the server became super slow. I checked the Apache error log; the log keeps growing, repeated, ad infinitum, like: e-commerce, games, porn etc.
Is someone attacking my ...
0 votes, 1 answer, 89 views
How to overcome this Index error in Python
The code given below is exactly as shown in the tutorial (zsecurity).
It seems the code does not work only on my system. I run this code in Linux (VirtualBox).
This is an ARP spoofing used to become ...
-3 votes, 1 answer, 143 views
What type of XSS vulnerability is this code subject to?
Given the following PHP...
<?php
$name = $_GET['name'];
echo "Welcome $name<br>";
echo "Have Fun!";
?>
What kind of XSS vulnerability is this subject to: Stored, ...
1 vote, 1 answer, 446 views
Filter *.my-site.com/ traffic through a load balancer and revoke the rest
I have a site that people access by using specific URLs they're assigned, like user1.my-site.com and user2.my-site.com. The users share the same base server and I'd like to limit unwanted traffic. My ...
0 votes, 1 answer, 257 views
How to prevent repeated requests from a server on a website
Hello, someone is trying to make multiple signups on my website with different IPs. What could be the easy way to prevent this? I am using the AWS stack for website hosting.
0 votes, 1 answer, 281 views
Invalid HTTP_HOST header: 'awssgp0-files.fds.api.xiaomi.com' request header attack
I am getting this request (more than 2000 per day) from different countries.
Invalid HTTP_HOST header: 'awssgp0-files.fds.api.xiaomi.com'. You may need to add u'awssgp0-files.fds.api.xiaomi.com' to ...
0 votes, 1 answer, 533 views
I'm trying to use a directory traversal attack against a website
I'm trying to pen test a website. I managed to browse website directories including db config and .php files, but whenever opening any .php file nothing shows, like an empty file, and every .php file on ...
4 votes, 1 answer, 7k views
How does PyMySQL prevent users from SQL injection attacks?
Sorry for asking here, but I cannot find much reference in PyMySQL's security guide about how we prevent SQL injection.
When I do PHP development I know to use MySQL prepared statements (or called ...
2 votes, 1 answer, 6k views
Denial of Service: Regular Expression (Input Validation and Representation, Data Flow)
I am using the HP Fortify tool to detect vulnerabilities in my project and it is flagging some code as vulnerable to a DoS attack
while reading some regular expressions through some '.properties' and then ...
0 votes, 1 answer, 56 views
What is the place of JSONP in the CORS platform?
I'm researching CORS attacks, XSS, JSONP and cross-origin embedding models to get information about cross-origin resource sharing. But I don't clearly understand the JSONP logic. I'm new to this ...
2 votes, 1 answer, 10k views
What exactly is meant by 'External Service Interaction' reported by Burp Suite?
Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' on a page where there's a textbox for getting email addresses. Think of it like ...
-1 votes, 2 answers, 173 views
Performing SQL Injection (Interactive exercise)
I am trying to solve an interactive exercise from my university. There is a field given for the username and one for the password. I have to log in with my student ID (which of course I know but I don't ...
0 votes, 0 answers, 89 views
Can a loopback log entry represent an attack on an Apache web server?
For approximately one month I have been accumulating a lot of these entries, as listed below, in my server's Apache2 log file. I have spent several days trying to find out if this is really a hack in ...
0 votes, 0 answers, 160 views
How to pass sensitive data to my python application
I want to pass a critically sensitive key to my python application. Say an attacker gets root access to the server. I don't want him to discover the key by any means. How can I achieve this?
2 votes, 1 answer, 2k views
Weird "Missing template" exception in Rails app in production
I have an exception notifier set up in my Rails application. So today I got the second notification that the index template is missing:
An ActionView::MissingTemplate occurred in products#index:
...
0 votes, 0 answers, 872 views
SQL Injection Attack against escaping single quotes
I have been told that the method of escaping single quotes is easy to bypass in a SQL injection attack. For example, if I were to have the line:
username='admin' and password='$password'
where the ...
-3 votes, 1 answer, 207 views
What is a timed attack?
I've heard the term, but I cannot find that much information on it on the internet. What is a timed attack in relation to web server scripting?
Are there methods to combat such attacks?