Welcome! Log In Create A New Profile

Advanced

Re: Content Spoofing vulnerability

August 11, 2017 10:11AM
blason Wrote:
-------------------------------------------------------
> Hi Guys,
>
> We have multiple webservers behind Nginx Reverse Proxy and at one of
> the server we have discovered Content spoofing, the vulnerability is
> patched on Apache but also needs to be patchef on Nginx server.
>
> I googled a lot but unable to find a relevant information. Can someone
> please suggest the way to mitigate the same on Nginx?
>
> here is the Apache remediation
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^abc\.biz
> RewriteCond %{HTTP_HOST} !^www\.abc\.biz
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"
>
> RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\
> [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/
> #RewriteRule .* - [F,NS,L]
> RewriteRule ^(.*)$ - [L,R=404]
> ErrorDocument 404 "Page Not Found"


If your application is vulnerable to those kinds of attacks you should patch it or get a WAF like Naxsi to prevent them.

https://www.owasp.org/index.php/Content_Spoofing

As the page shows.

<?php
$name = $_REQUEST ['name'];
?>
<html>
<h1>Welcome to the Internet!</h1>
<br>
<body>
Hello, <?php echo $name; ?>!
<p>We are so glad you are here!</p>
</body>
</html>

The page functionality can be tested by making the following GET request to the page:

http://127.0.0.1/vulnerable.php?name=test-exploit-phishing-scam-etc

http://www.networkflare.com/
Subject Author Posted

Content Spoofing vulnerability

blason August 11, 2017 02:47AM

Re: Content Spoofing vulnerability

c0nw0nk August 11, 2017 10:11AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 100
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready