Sigma client server configs password#
If unnecessary services are enabled or default configuration files are used, verbose/error information is not masked an attacker can compromise the web server through various attacks like password cracking, Error-based SQL injection, Command Injection, etc.
If he is able to access beyond web root directory, he might execute OS commands and get sensitive information or access restricted directories. This is vulnerability where an attacker is able to access beyond the web root directory from the application. He may store malicious/unrelated data in the database when the website is requested, it will show irrelevant data on the website, thus displaying a defaced website. When an attacker finds out that input fields are not sanitized properly, he can add SQL strings to maliciously craft a query which is executed by the web browser. SQL injection attacks are used to deface the website. buffer overflow attack, SYN flooding, HTTP get Request Flooding, Ping of death.
IIS and Apache Web Server Attacks types: DOS attack:Īn attacker may cause a denial of service attack by sending numerous service request packets overwhelming the servicing capability of the web server, or he may try to exploit a programming error in the application causing a DOS attack.Į.g.
Vulnerability stack of a web server is given below (source: White hat security)Į.g. Any vulnerability in the applications, Database, Operating system or in the network will lead to an attack on the web server. Web servers are themselves computers running an operating system connected to the back-end database, running various applications.
0 kommentar(er)
