Network Security Vuln-Dev

Re: Vulnerability kali's tagboard

Subject: Re: Vulnerability kali's tagboard
Date: Thu, 28 Apr 2005 15:06:53 -0400 (EDT)

On Thu, 28 Apr 2005, security curmudgeon wrote:

******************************************
* Example .htaccess File
******************************************
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Tagboard Admin Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>


Mod security alleviates most of this

SecFilterSelective THE_REQUEST "\&cmd" "redirect:http://www.gaytardedhax0rs.net"

As do normal apache settings

<Location /admin/>
#
    Order deny,allow
    Allow from YOUR_ADDRESS_GOES_HERE
    Deny from all
    ErrorDocument 403 http://www.gaytardedhax0rs.net
</Location>

Problem with an htaccess file is creating the users, then making sure no
kiddiot is using some password dumping script or program. IP based would
work better since I can't think of some silly scriptkiddiot injecting info
on the network level to pwn some site using any one of these injection
based tools.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make
crimes of  opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza


//sil

http://www.kungfunix.net   http://www.politrix.org
http://www.infiltrated.net http://bush.shafted.us
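
Added example, not part of the original post: the controls discussed above restated in Apache 2.4 and ModSecurity 2.x syntax, with the address restriction and the password check both required. The address 192.0.2.10, the password-file path and the rule id are placeholders chosen for illustration.

```apache
# Apache 2.4: mod_authz_core, mod_authz_host, mod_auth_basic, mod_authn_file.
<Location "/admin/">
    AuthType Basic
    AuthName "Tagboard Admin Area"
    AuthBasicProvider file
    # Placeholder path: keep the password file outside the web root.
    AuthUserFile "/home/username/.htpasswd-tagboard"

    # No <Limit GET POST> wrapper, so the rules cover every HTTP method,
    # not only GET and POST.
    # RequireAll: the request must come from the admin's address AND
    # carry valid credentials. Replaces Order/Allow/Deny from 2.2.
    <RequireAll>
        Require ip 192.0.2.10
        Require valid-user
    </RequireAll>
</Location>

# ModSecurity 2.x form of the SecFilterSelective rule: refuse any request
# whose request line contains "&cmd". The id is a placeholder from the
# locally reserved range.
<IfModule security2_module>
    SecRuleEngine On
    SecRule REQUEST_LINE "@contains &cmd" \
        "id:1000,phase:1,deny,status:403,log,msg:'cmd parameter in request line'"
</IfModule>
```

Basic authentication sends the password base64-encoded on every request, so this location should only be reachable over TLS.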
