14-07-04

how to attack apache servers

http://www.phrack.org/phrack/62/p62-0x0a_Attacking_Apache...
We use this attack technique to hijack a virtual host on server. I know, there are other methods to get control over the HTTP requests (using open file descriptors,...). But all other methods require at least one process running on the server that handles the HTTP requests and redirect them. This way of hijacking apache doesn't require another process because we
change the memory of the apache process itself and so it works normal as before. This attack technique requires access to an account on a webserver which hosts at least two sites (else it wouldnt make any sense). You can't exploit Apache without your own php script on that server (well perhaps there are some "Remote Include" vulnerabilities so you can run a script on
the remote machine).

00:32 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.