Hize un escaneo con SSS a una pag, y me tiro unas vulnerabilidades que no se como explotarlas y lo peor de todo es que SecurityFocus no me dice nada =S
Web Servers : Vulnerable script
Port: 80
Description: Found vulnerable script on this web site
Risk level: High
Script: <Ahref="
Necesitas ser usuario para ver los enlaces
Crear Usuario Hacer Sesion de la pag/put_image.php?file=/../../../../../../etc/passwd" target="_default">
Necesitas ser usuario para ver los enlaces
Crear Usuario Hacer Sesion de la pag/put_image.php?file=/../../../../../../etc/passwd</A>
CVE GENERIC-MAP-NOMATCH
Web Servers : Apache CGI Byterange Request Denial of Service Vulnerability
Port: 80
Description: Apache is prone to a denial of service when handling large CGI byterange requests.
How to fix: Upgrade to the current version of Apache.
Risk level: Medium
Related Links: Apache Web Server Homepage
CVE CAN-2005-2728
Bugtraq ID 14660
Web Servers : Apache HTTP Request Smuggling Vulnerability
Port: 80
Description:
Apache is prone to an HTTP request smuggling attack.A specially crafted request with a 'Transfer-Encoding: chunked' header and a 'Content-Length' can cause the server to forward a reassembled request with the original 'Content-Length' header. Due to this, the malicious request may piggyback with the valid HTTP request.It is possible that this attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks.This issue was originally described in BID 13873 (Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities). Due to the availability of more details and vendor confirmation, it is being assigned a new BID.
How to fix: Upgrade to the current version of Apache.
Risk level: Medium
Related Links: Apache Web Server Homepage
CVE CAN-2005-2088
Bugtraq ID: 14106
Les agradecería que me dijieran como funcionan =)
De antemano, Gracias.
Autor