14.04 - Apache on Ubuntu blocking all XSS attempts - Ask Ubuntu
i have digitalocean droplet trying build intentionally vulnerable lab on school's information security program. problem apache blocking sorts of malicious requests, such cross-site scripting, file inclusion, sql injection, stuff that, , need know how disable this. here example request:
get /mutillidae/index.php?page=../../../../../etc/passwd%00 http/1.1 host: ksu-labs.com upgrade-insecure-requests: 1 user-agent: mozilla/5.0 (windows nt 10.0; wow64) applewebkit/537.36 (khtml, gecko) chrome/54.0.2840.71 safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 accept-encoding: gzip, deflate, sdch accept-language: en-us,en;q=0.8 cookie: showhints=1; username=admin; uid=1; phpsessid=27dps71931p1dt19vkdl0thu05 connection: close
what happening server resetting connection upon reception of request , getting no response. hope guys can help. in advance.
~austin
found problem, not apache or ubuntu related, appears college's firewall has sort of terrible ips/ids blocking outbound attack attempts, circumvented, nothing os or software related, anyways guys.
Comments
Post a Comment