Full Disclosure mailing list archives
Re: iiscan results
From: mrx <mrx () propergander org uk>
Date: Thu, 07 Jan 2010 14:44:04 +0000
Hi Thierry,

Thanks for the pointer...Done ;-)

regards
mrx

Thierry Zoller wrote:

Hi mrx,

POST data is not included in apache logs per default, google about how to configure apache as to log more details (verbose)

m> Hi Thierry,
m> Could you please elucidate?
m> Although not a complete newbie, I am a novice with regard to security and Apache.
m> I would have thought that all data in the POST request would be recorded in the Apache logs.
m> Is this the way Apache logging works?
m> Or can an attacker craft a request in such a way as the changing
m> posted data you mention is not visible?
m> A quick scroogle for "html post request spoofing" did not produce the desired results,
m> so any link to subject matter covering this would be appreciated.
m> I respond to you directly, because you contacted me off list :)
m> Thank you
m> regards mrx

m> Thierry Zoller wrote:

Hi mrx,

Your logs don't show the posted data that actually changes ;)

m> Vincent,
m> Although the actual results of the scan were displayed in English in the online html report,
m> the suggested solutions were in fact in Chinese.
m> Checking my access logs reveals multiple attempts of the same
m> attack/probe, for example multiple identical POSTs to the same page:
m> 216.18.22.46 - - [06/Jan/2010:11:33:01 +0000] "POST /properblog/wp-login.php HTTP/1.0" 200 2554 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) NOSEC.JSky/1.0"
m> There are around 100 entries identical to the above in my log. I
m> don't know if this is by design or not but it does seem to be a little inefficient.
m> I also noticed there were no attempts at information disclosure
m> via the TRACE method, nor were any attempts made at SQL injection despite my
m> selecting "all" in the scan options. Not that my site is vulnerable in any way ;-)
m> Hope this helps
m> regards
m> mrx

m> Vincent Chao wrote:

Thank you for your analysis. It really helps me.
And I also found the PDF report mail to us is in Chinese, in the website of iiScan, however, to see the report of html or PDF format is English (of course can change to Chinese).

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of mrx
Sent: Wednesday, January 06, 2010 8:45 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] iiscan results

Well, this scanner managed to find a couple of low level vulnerabilities on my site which were missed by both Nikto and Nessus.

Two directories allowed a directory listing and a test.php file I created, an information disclosure vulnerability, was also detected. My dumb ass forgot to delete this "test.php" file after I finished testing the server.

Possible sensitive directories were also listed, however browsing to these directories returned 403 errors, blank pages or a wordpress logon prompt, which is what I expected.

So all in all this scanner seems to do its job well. At least for a LAMP server running wordpress.

Of course I have addressed the vulnerabilities reported.

My command of the Chinese language is limited to zero, so I cannot understand the pdf report emailed to me nor the information within the web based report. Hopefully the developers will address this language problem.

regards
mrx

m> _______________________________________________
m> Full-Disclosure - We believe in it.
m> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
m> Hosted and sponsored by Secunia - http://secunia.com/

--
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
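Added example, not part of the original message or of any poster's code: a short Python pass over Apache combined-format access log lines that groups repeated POSTs, showing why the roughly 100 scanner entries look identical when the request body is not logged. The regular expression assumes the stock "combined" LogFormat; apart from the entry quoted in the thread, the sample lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" LogFormat: the request line carries method, path and
# protocol only, so the body of a POST never reaches the access log.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def repeated_posts(lines, threshold=3):
    """Return {(ip, path, agent): count} for POSTs seen at least `threshold` times.

    Every entry in such a group looks the same in the log, although the
    posted data may have differed on each request.
    """
    counts = Counter()
    for line in lines:
        m = COMBINED.match(line)
        if m and m["method"] == "POST":
            counts[(m["ip"], m["path"], m["agent"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample: the first entry is the line quoted in the thread,
# repeated with later timestamps; the 192.0.2.10 entries are made up.
SCANNER_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; "
              ".NET CLR 2.0.50727) NOSEC.JSky/1.0")
SAMPLE = [
    f'216.18.22.46 - - [06/Jan/2010:11:33:{s:02d} +0000] '
    f'"POST /properblog/wp-login.php HTTP/1.0" 200 2554 "-" "{SCANNER_UA}"'
    for s in (1, 2, 3, 4)
] + [
    '192.0.2.10 - - [06/Jan/2010:11:40:00 +0000] '
    '"GET /properblog/ HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"',
    '192.0.2.10 - - [06/Jan/2010:11:41:00 +0000] '
    '"POST /properblog/wp-login.php HTTP/1.1" 302 0 "-" "ExampleBrowser/1.0"',
]

if __name__ == "__main__":
    for (ip, path, agent), n in repeated_posts(SAMPLE).items():
        print(f"{n} POSTs from {ip} to {path} (bodies not logged): {agent}")
```

A group flagged here marks requests whose differences, if any, were in the body, so telling them apart needs request-body logging configured on the server.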