Good afternoon. First of all, I want to thank you in advance for the opportunity to join the forum and possibly get the answers I have been looking for.
I am studying web server security and vulnerabilities on my own.
I have analyzed an Apache web server in which I found a large number of vulnerabilities; the problem is that I do not know how I can run a remote exploit against that server.
One of the things that caught my attention most was that the Apache server is completely out of date. My question is how vulnerable it is based on these results, and how I can take advantage of, for example, the /cgi-sys/guestbook.cgi vulnerability?
Thank you very much for your support. I am new to the forum and hope to contribute support on these topics in the same way.
+ Server: Apache/2.2.25 (Unix)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.25 appears to be outdated (current is at least Apache/2.4.7). Apache 2.0.65 (final release) and 2.2.26 are also current.
+ OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3092: /cgi-sys/FormMail-clone.cgi: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ OSVDB-3092: /cgi-sys/scgiwrap: Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web
+ Retrieved x-powered-by header: PHP/5.3.27
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.