-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Thierry,

Thanks for the pointer...Done ;-)

regards
mrx

Thierry Zoller wrote:
> Hi mrx,
>
> POST data is not included in apache logs per default, google about how
> to configure apache as to log more details (verbose)
>
> m> -----BEGIN PGP SIGNED MESSAGE-----
> m> Hash: SHA1
>
> m> Hi Thierry,
>
> m> Could you please elucidate?
> m> Although not a complete newbie, I am a novice with regard to security and Apache.
> m> I would have thought that all data in the POST request would be recorded in the Apache logs.
>
> m> Is this the way Apache logging works?
> m> Or can an attacker craft a request in such a way as the changing
> m> posted data you mention is not visible?
>
> m> A quick scroogle for "html post request spoofing" did not produce the desired results,
> m> so any link to subject matter covering this would be appreciated.
>
> m> I respond to you directly, because you contacted me off list :)
>
> m> Thank you
> m> regards mrx
>
> m> Thierry Zoller wrote:
>>> Hi mrx,
>>>
>>> Your logs don't show the posted data that actually changes ;)
>>>
>>> m> -----BEGIN PGP SIGNED MESSAGE-----
>>> m> Hash: SHA1
>>>
>>> m> Vincent,
>>>
>>> m> Although the actual results of the scan were displayed in English in the online html report,
>>> m> the suggested solutions were in fact in Chinese.
>>>
>>> m> Checking my access logs reveals multiple attempts of the same
>>> m> attack/probe, for example multiple identical POSTs to the same page:
>>>
>>> m> 216.18.22.46 - - [06/Jan/2010:11:33:01 +0000] "POST /properblog/wp-login.php HTTP/1.0" 200 2554 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) NOSEC.JSky/1.0"
>>>
>>> m> There are around 100 entries identical to the above in my log. I
>>> m> don't know if this is by design or not but it does seem to be a little inefficient.
>>>
>>> m> I also noticed there were no attempts at information disclosure
>>> m> via the TRACE method, nor were any attempts made at SQL injection despite my
>>> m> selecting "all" in the scan options. Not that my site is vulnerable in any way ;-)
>>>
>>> m> Hope this helps
>>>
>>> m> regards
>>> m> mrx
>>>
>>> m> Vincent Chao wrote:
>>>>> Thank you for your analysis. It really helps me.
>>>>>
>>>>> And I also found the PDF report mail to us is in Chinese, in the website of
>>>>> iiScan, however, to see the report of html or PDF format is English (of
>>>>> course can change to Chinese).
>>>>>
>>>>> -----Original Message-----
>>>>> From: [email protected]
>>>>> [mailto:[email protected]] On Behalf Of mrx
>>>>> Sent: Wednesday, January 06, 2010 8:45 PM
>>>>> To: [email protected]
>>>>> Subject: [Full-disclosure] iiscan results
>>>>>
>>>>> Well, this scanner managed to find a couple of low level vulnerabilities on
>>>>> my site which were missed by both Nikto and Nessus.
>>>>>
>>>>> Two directories allowed a directory listing and a test.php file I created,
>>>>> an information disclosure vulnerability, was also detected. My dumb
>>>>> ass forgot to delete this "test.php" file after I finished testing the server.
>>>>>
>>>>> Possible sensitive directories were also listed, however browsing to these
>>>>> directories returned 403 errors, blank pages or a wordpress logon
>>>>> prompt, which is what I expected.
>>>>>
>>>>> So all in all this scanner seems to do its job well. At least for a LAMP
>>>>> server running wordpress
>>>>>
>>>>> Of course I have addressed the vulnerabilities reported.
>>>>>
>>>>> My command of the Chinese language is limited to zero, so I cannot
>>>>> understand the pdf report emailed to me nor the information within the web
>>>>> based report. Hopefully the developers will address this language problem.
>>>>>
>>>>> regards
>>>>> mrx
>>>>>
>>> m> _______________________________________________
>>> m> Full-Disclosure - We believe in it.
>>> m> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> m> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----
