Web Security Learning
4.15. Middleware
Content Index:
4.15.1. IIS
4.15.1.1. IIS 6.0
4.15.1.2. IIS 7.0-7.5 / Nginx <= 0.8.37
4.15.1.3. PUT Vulnerability
4.15.1.4. Windows Features
4.15.1.5. File name guessing
4.15.1.6. Reference Links
4.15.2. Apache
4.15.2.1. Suffix parsing
4.15.2.2. .htaccess
4.15.2.3. Directory Traversal
4.15.2.4. CVE-2017-15715
4.15.2.5. lighttpd
4.15.2.6. Reference Links
4.15.3. Nginx
4.15.3.1. Fast-CGI off
4.15.3.2. Fast-CGI enabled
4.15.3.3. CVE-2013-4547
4.15.3.4. Misconfiguration
4.15.3.5. Reference Links