Web stats for Secalert - secalert.net
David Vieira-Kurz (@secalert) on security.
Traffic Report of Secalert
Daily Unique Visitors: | 460 |
Daily Pageviews: | 920 |
Estimated Valuation
Income Per Day: | $ 3.00 |
Estimated Worth: | $ 720.00 |
Search Engine Indexes
Google Indexed Pages: | Not Applicable |
Yahoo Indexed Pages: | Not Applicable |
Bing Indexed Pages: | Not Applicable |
Search Engine Backlinks
Google Backlinks: | Not Applicable |
Bing Backlinks: | Not Applicable |
Alexa BackLinks: | Not Applicable |
Safety Information
Google Safe Browsing: | No Risk Issues |
Siteadvisor Rating: | Not Applicable |
WOT Trustworthiness: | Not Applicable |
WOT Privacy: | Not Applicable |
WOT Child Safety: | Not Applicable |
Website Ranks & Scores
Google Pagerank: | Not Applicable |
Alexa Rank: | 1,046,838 |
Domain Authority: | Not Applicable |
Social Engagement
Facebook Shares: | Not Applicable |
Facebook Likes: | Not Applicable |
Facebook Comments: | Not Applicable |
Twitter Count (Tweets): | Not Applicable |
Linkedin Shares: | Not Applicable |
Delicious Shares: | Not Applicable |
Website Inpage Analysis
H1 Headings: | 1 | H2 Headings: | 4 |
H3 Headings: | 40 | H4 Headings: | Not Applicable |
H5 Headings: | Not Applicable | H6 Headings: | Not Applicable |
Total IFRAMEs: | 1 | Total Images: | 6 |
Google Adsense: | Not Applicable | Google Analytics: | Not Applicable |
HTTP Header Analysis
Status-Code: 200
Status: 200 OK
Date: ... 16 Mar 2016 15:15:33 GMT
If the HTTP status code is followed by the Date response header in the second line, it usually means that the page is using an Apache httpd as web server. In this case I assumed that an httpd is used in front of a Tomcat web server. If I am right then they could probably be using some module to dispatch the files between the httpd and the Tomcat web server, which means I could potentially trick the routing to expose the source code of any ".jsp" or ".inc" files by appending specific lower ASCII characters - depending on whether they are using a Connector or Handler.
Connector, Handler, File Descriptor
1) The Apache Tomcat Connectors: If Apache httpd and Tomcat are configured to serve content from the same filing system location then care must be taken to ensure that httpd is not able to serve inappropriate content such as the contents of the WEB-INF directory or JSP source code. This could occur if the httpd DocumentRoot overlaps with a Tomcat Host's appBase or the docBase of any Context. It could also occur when using the httpd Alias directive with a Tomcat Host's appBase or the docBase of any Context.
2) Well, let's have a look at the Apache web server handler. A "handler" is an internal Apache representation of the action to be performed when a file is called. Generally, files have implicit handlers, based on the file type. Normally, all files are simply served by the server, but certain file types are "handled" separately. If you want to handle ".jsp" files you may for example use the Apache module "mod_mime" in order to associate the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding).
What will the httpd do if you try to access a file which is not explicitly associated with a handler or filter? Httpd will serve the file as plain text without further actions, which means that we can potentially exploit this behaviour.
Analysis
In the case of my research of this particular target system I knew from the information gathering analysis that they were handling ".jsp" files, so I assumed that they are using an Apache httpd in the front and a Tomcat or similar web server in the back end of the architecture. So I tried to append some character to the file extension like this in order to get some information by forcing the system to run into some uncaught exceptions and show up with any abnormal behaviour: https://www.victim.tld/password.jsp
This, however, did not work as expected. I was expecting the system to expose a stack trace or to run into a web application firewall, but instead it came up with the following message: HTTP ERROR: 400
Web server handler/filter/modules with similar issues in the past: CVE-2007-1860: mod_jk double-decoding:
Domain Information for secalert.net
Domain Nameserver Information
DNS Record Analysis
Host | Type | TTL | Extra |
---|---|---|---|
secalert.net | A | 3600 | IP:78.46.124.97 |
secalert.net | NS | 86400 | Target:ns.udag.net |
secalert.net | NS | 86400 | Target:ns.udag.org |
secalert.net | NS | 86400 | Target:ns.udag.de |
secalert.net | SOA | 86400 | MNAME:ns.udag.net RNAME:hostmaster.united-domains.de Serial:2015072401 Refresh:10800 Retry:3600 Expire:604800 |
secalert.net | MX | 14400 | Priority:20 Target:mx01.udag.de |
secalert.net | MX | 14400 | Priority:10 Target:mx00.udag.de |
secalert.net | AAAA | 3600 | IPV6:2a01:4f8:c17:32c0::2 |