[ad] The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due a bug in the way IIS filters handle semicolons (;). Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS […]
hacking-web-servers
reDuh – TCP Redirection over HTTP
What Does reDuh Do? reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially What is it for? a) Bob.Hacker has the ability […]
WSGW – Web Security Gateway for Secure Apache
[ad] The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software. The Web Security Gateway provides a configurable caching, authentication, […]
Sandcat by Syhunt – Web Server & Application Vulnerability Scanner
[ad] Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities. This is […]