Beta Version 3
March 4, 1998
Compiled by Simple Nomad
Disclaimer - I disclaim all of you.
Tunes - NIN, Stravinsky, Xen.
Contents

N means New, U means Updated

General Info
00-1. What is this "FAQ" for?
00-2. What is the origin of this FAQ and how do I add to it?
U 00-3. Is this FAQ available by anonymous FTP or WWW?
00-4. What conventions are used in this document?
00-5. What is needed in this FAQ?
00-6. Where can I get more info regarding Web security?

The Browser
01-1. What is "unsafe" about my browser?
01-2. What is vulnerable about history, bookmark, and cache files?
01-3. What other browser files are important?
01-4. Can you tell me more about the "cookie" file?
01-5. How can I protect my browser files?
01-6. Are there any default browser holes?
01-7. What about Internet Explorer?

URL Attack Time
02-1. What is phf?
02-2. What's the "test" hack?
02-3. What about that ~ character?
02-4. What's the deal with forms?
02-5. What will this look like in the target's log files?
02-6. What's the deal with Server-Side Includes?
02-7. What if SSIs are turned on but includes are stripped from user input?
02-8. What is the jj.c problem?
02-9. What are SSL and SHTTP?
02-10. How can I attack "anonymously"?
N 02-11. What is the "asp dot" attack?

The Basic Web Server
03-1. What are the big "weak spots" on servers?
03-2. What are the critical files?
03-3. What's the difference between httpd running as a daemon vs. running under inetd?
03-4. How does the server resolve paths?
03-5. What log files are used by the server?
03-6. How do access restrictions work?
03-7. How do password restrictions work?
03-8. What is "Web Spoofing"?

Fun with Other Web Servers
04-1. What are some known vulnerabilities with Microsoft Internet Information Server?
04-2. What are some known vulnerabilities with Netscape for NT?
U 04-3. What about WebSite and Purveyor?
04-4. Is Novell's IntranetWare web server software vulnerable?
04-5. What about WebSTAR for the Mac?
04-6. Does CERN's httpd have any vulnerabilities?
N 04-6. What is the iCat Carbo Server bug?

Fun with Java/JavaScript/ActiveX
05-1. What is a JavaScript Applet?
05-2. What is the JavaScript problem?
05-3. What is an example of this "bad" Java code?
N 05-4. What about ActiveX?

WWW as an InfoWar Tool
06-1. What are some good search engines?
06-2. What "vulnerable" files can I find?
06-3. What is Internet vs. Intranet servers?
06-4. I want to hack a site. How can the web help me?
06-5. Where does the "social engineer" look on the web?

CGI, Perl, Scripts, etc.
07-1. What is CGI?
07-2. Are there default vulnerabilities?
07-3. How do I spot code with holes?
07-4. Why are buffers so important?

For The Lamer...
08-1. How can I falsely increase the hits on my counter?
08-2. My ISP limits web space and I want tons of graphics. What do I do?
08-3. How can I get pictures without paying for them at adult web sites?

For The Stupid...
09-1. How do I secure things?
09-2. I'm an idiot. Exactly how do hackers get in?
09-3. I have xxx setup and xxx version running. Am I secure?