Questions tagged [webserver]
A system whose primary function is to deliver web pages on request to clients.
965 questions
2 votes, 0 answers, 53 views
Evaluating Self-Hosted Web Applications
Background:
There are a lot of self-hosted web applications these days, and often, more than one for the same purpose. In my case I am looking for a replacement for GitHub or other big tech/cloud git ...
1 vote, 1 answer, 52 views
Looking for Advice on Securing a UI implemented as a Web Site
I am looking at different UI options for a microcontroller/SOC, the ESP32-S3. One option is a web site with a login and HTTPS running on a "light weight web server". However, I am not sure ...
5 votes, 3 answers, 2k views
Which external vulnerabilities remain for a web server secured with mTLS?
Scenario:
A web server with a web app for remote staff.
The web server is behind a reverse proxy (traefik)
The web server has a host based firewall configured to allow connections only from the proxy ...
0 votes, 1 answer, 108 views
How to securely allow localhost to access through CORS, without exposing it to anyone's localhost?
It is recommended to do this often in web apps:
import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
// Define allowed origins
const allowedOrigins = [
'http://...
1 vote, 1 answer, 89 views
Web Server API returns Hacked webpage when Unity Project makes API call
We currently have a Linux/Apache/SQL webserver that has API access for our app in the Meta store (Quest 2 & 3).
When I manually type in the address on Chrome (desktop computer) I get the proper API ...
2 votes, 2 answers, 863 views
Is my TOTP key secure on a free hosting provider server with FTP and .htaccess restrictions?
I'm hosting a website on a free hosting provider server that uses PHP for OTP-based authentication. Here’s how it works:
If an unregistered IP address visits the site, it shows an "Unauthorized&...
2 votes, 0 answers, 55 views
How to list the devices connected to any website? [closed]
I want to identify the devices currently connected to my web server. How is this done and what are the tools used to do this?
1 vote, 0 answers, 78 views
What is the sense of the client's IP in a Host header? [closed]
In my webserver log files I sometimes find such entries:
185.30.14.116 [2024-09-14T07:56:57+02:00] 400 | HOST-HDR "185.30.14.116" | SRV _:80" | URI "/"
So there is a request ...
1 vote, 2 answers, 131 views
When viewing a hotlinked Google image preview, is the IP address of Google's server recorded on the original site?
When I click on a Google image thumbnail to view a larger preview, I understand that the image is hotlinked from the hosting site.
In this case, when I view the hotlinked Google preview image, is my ...
1 vote, 1 answer, 106 views
Execution profile for web server
I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let's assume that someone has an (Apache) HTTP Server. ...
0 votes, 1 answer, 134 views
JSON array payload POC for CVE-2022-24999
I'm currently exploring if one legacy project is vulnerable to CVE-2022-24999
I found a very helpful GitHub repo with POCs
However, in my case, I need to check if a payload passed in a JSON body to a ...
1 vote, 1 answer, 82 views
Command Injection in URLs. Are response codes a foolproof indicator of true/false positive?
Take this HTTP request as an example.
GET /directory/blahblah/ping%20interact.sh
Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server ...
0 votes, 2 answers, 174 views
Is there a way to exploit / make an exploit scenario for header-based reflected XSS?
I've found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?
5 votes, 1 answer, 911 views
What are the reasons for CORS failure errors to not be available to JS?
From Cross-Origin Resource Sharing (CORS) - HTTP | MDN:
CORS failures result in errors but for security reasons, specifics about the error are not available to JavaScript. All the code knows is that ...
0 votes, 1 answer, 85 views
Benefits of random responses to exceptions over generic error responses
Attackers can send requests with data that the server does not expect in order to try to get responses that reveal secret data. One common example is when the server experiences an exception. A poorly ...
1 vote, 1 answer, 114 views
Would monitoring for unusual process execution help identify intrusions on a web server?
I have a web server with each web application running as its own machine level account.
The server only hosts the web applications, no other services, dbs, etc.
Apart from the web server processes, ...
2 votes, 1 answer, 978 views
Public client or Confidential client: should I generate a client secret?
I've read about this but I don't fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that ...
1 vote, 1 answer, 143 views
Is web servers' file serving safe against timing attacks?
Context
I've been recently looking at UUIDs (mostly v4) and their uses to maybe start using them in some of my apps. I started asking myself some questions about security as one does. Then I fell on ...
0 votes, 1 answer, 189 views
Detect invalid cert in Android client if URL is being redirected to a fake server [duplicate]
Here is the scenario:
Server A is an authentic server (A.com).
Server F is a fake server (F.com) that also has a valid cert for
F.com has a copy of A.com certificate to it (to fake as A.com).
Client ...
1 vote, 0 answers, 329 views
Which is safer - using the sql_conn Flutter package or using a web server as a middle layer for requests against a SQL Server database?
We are currently working on setting up new Android handheld devices (RF guns) to read/write to our SQL Server 2019 database and are at a fork in the road in deciding what to do. Both options below ...
0 votes, 0 answers, 128 views
Identify hosts that are serving specific metric on Shodan
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc.
Now let's say we know that there are entities on ...
1 vote, 2 answers, 207 views
How to prevent attacks on a personal webserver
I'm currently working on some modules on hackthebox. In that regard, I recently set up a web service: sudo python3 -m http.server 8080
When I did a wget to my server, it showed up in the log as usual, ...
0 votes, 0 answers, 732 views
Reverse proxy server in DMZ with separate server for nginx (docker)
Does it make sense to create two separate docker hosts (VMs) for reverse-proxy and web application?
My first idea was to put the web-exposed application in my separated VLAN (DMZ) where only ports 80 ...
0 votes, 1 answer, 312 views
HIPAA Compliance for Frontend Hosting
I am using a non-HIPAA-compliant vendor (Vercel) for the hosting of my site. This includes serverless functions on Vercel's infrastructure that serve HTML/CSS/JS. However, the entire backend/database ...
0 votes, 1 answer, 475 views
What vulnerability can query params or a body outside a whitelist allow?
For instance, suppose we have a request that uses the field name in a request's body or query params, but the client sends the params name and age. Some web server frameworks allow us to strip ...
1 vote, 1 answer, 296 views
Unlisted directory discovery of a web server without using bruteforce attacks
Some creator I support on SubscribeStar hosts their files on a dedicated AWS web storage server of theirs and the names are easily accessible and sometimes guessable without any kind of security or ...
0 votes, 2 answers, 124 views
Web request TLS
What version of TLS would be required for a router that separates client requests from a web server behind a router?
Let's say the supported TLS client is 1.2 and so is the web server, BUT the router ...
0 votes, 0 answers, 166 views
Where is the safest place to put servers
Currently, I have a modem with built-in NAT and DMZ. I have 250Mb of webspace and unlimited emails supplied by my ISP on WAN. I want to move the webspace to my own PC on a LAN along with the emails so I ...
0 votes, 1 answer, 1k views
Does a DDoS Attack affect the internet connection apart from the service it's attacking?
Lately I've been experiencing some crashes related to my internet connection. I'm in the process of pinpointing what is causing the issue and one of those possible causes might be a DDoS attack, ...
0 votes, 1 answer, 489 views
Trying to understand HTTP request containing base64 encoded part and email address
I have a public webserver serving static HTML pages and when analyzing error logs I found a type of attempted GET that I don't understand.
They are formed like this and fail because the request is too long:
/...
0 votes, 1 answer, 164 views
How is spamming entries in a website database using the same IP address possible?
I am working in a private company as VAPT Auditor. I am currently testing one of our project website which contains common features like login, sign up, etc. I mostly do manual testing using BurpSuite ...
1 vote, 1 answer, 405 views
Is my website under attack?
I have a web server. I was investigating why my nginx keeps crashing. I noticed a few other issues in my logs.
Note: In the log report, I replace the name of my website with example.com and my second ...
1 vote, 1 answer, 482 views
Is running PHP file_get_contents on random user-generated links safe?
In one of my PHP apps, I have a part where it scrapes the content of random links on the internet using file_get_contents, and then it runs a regex on this content to find all the email addresses in ...
1 vote, 1 answer, 204 views
"Pass-through" website interception detection and prevention
I face some sort of "MitM" attack type that I don't really know how to search, because I don't really know what it is called, so I am in the dark here, and need some help and advice.
Let's ...
1 vote, 2 answers, 146 views
Are there any attack vectors against the Smarty-PHP template engine when using a trusted template?
This is actually a general question about template engines.
If I use Smarty-PHP to generate a website, and the templates and content are both created by me (assumed non-malicious), does this create ...
0 votes, 1 answer, 194 views
Parse a File on Client and Send to Server Without Client Manipulating Data
I have a desktop app that takes a file format and parses it to get some JSON data that is then sent to a server.
My problem is figuring out if it is possible to somehow parse the data on the client ...
0 votes, 1 answer, 422 views
Server Side Template Injection (SSTI): Difference between plaintext context and code context?
I am learning pentesting, currently studying Server Side Template Injection. I understood there are two types of SSTI - plaintext context and code context - but struggle to understand what exactly is ...
0 votes, 0 answers, 735 views
Do I need https for a web server that will be used locally? [duplicate]
I have a web server that will be used to manage the stock of a warehouse in a factory. The web server will be accessed only locally so the clients can update and view the available stock. The server ...
3 votes, 1 answer, 1k views
Is there a reason for a server-side limit on the number of HTTP headers allowed for each request?
The security team at my company has set a limit on the number of headers an HTTP request can contain (not header size, but an actual hard count limit on the number of headers).
A vendor has added a few ...
1 vote, 1 answer, 199 views
What is <title>(.*?)<\/title> and how does the attacker use that?
I had a log from my web server like this
[28/Aug/2022:12:57:02] "GET / HTTP/1.0" 200 1684 "" "<title>(.*?)<\/title>"
What does this mean and what exactly ...
0 votes, 1 answer, 202 views
Is HTTP Request Smuggling domain/subdomain wide or directory wide?
I have a pretty good understanding of HTTP Request Smuggling vulnerabilities but one thing I still need some clarification on is if they are domain/subdomain wide or directory wide?
Here's what I mean:...
0 votes, 1 answer, 176 views
Site "can't" change username, why? [closed]
There's a website I have an account on, and I needed to change my username. They said they were unable to change that. I requested to just have my account deleted, and then I would create a new ...
1 vote, 0 answers, 275 views
Why is it a security concern to modify http.sys registry entries to allow web service to accept a longer query string?
I have an Http web service running on IIS. The Http service will be exposed to the public internet, but only authenticated client requests will be processed by the web service. The service allows ...
1 vote, 2 answers, 1k views
What is the effect of the "&x=" in a SSRF? Is it something related to encoding?
I'm learning SSRF. I learnt that typing &x= kinda turns off the rest of a URL (like https://some.website.com/user?id=9&x=.website.com/api/item?id=9)
Everything that comes after the &x= ...
0 votes, 1 answer, 857 views
What is the intent behind these unknown HTTP Requests into my AWS Web Server?
I know about the usual port sniffers and mass scanners that just pop up on any web server, but this one looks interesting to me.
I figured out so far that those requests aren't really an issue for my ...
0 votes, 1 answer, 248 views
Can attacker gain access to my private network application through pivoting and/or lateral movement?
I am using a public wifi network.
When I start a nodejs express server at my local system at port 3000, I can access that website on another device (that is connected to the same public wifi network) ...
0 votes, 1 answer, 80 views
Do I need to set up super global SESSION for a web form?
I am building a web form in PHP; it is just for the user to request information about my services or send comments, so I don't need the user to be logged in with a username and a password, no database. I ...
0 votes, 1 answer, 1k views
Why does Nessus report HTTP running a web server on port 80 when I'm sure that it isn't?
From a Nessus scan I have the following output regarding HTTP and the use of port 80:
Info N/A 43111 HTTP Methods Allowed (per directory)
Info N/A 24260 HyperText ...
2 votes, 1 answer, 312 views
Is it safe for a website to generate fake profile pages?
Today I found a website which generates a fake profile when asked if said profile exists. Example: www.site.com/user/mycoolname doesn't exist yet. But if I put it in the browser for the site I get a ...
0 votes, 1 answer, 739 views
Do WSGI servers connect to devices outside of the network?
I want to set up a plotly dashboard and view it from my browser.
Plotly gets set up as a flask application. I'm of the understanding that I should use a WSGI server to host it. I'm looking at waitress ...