Except SQLi are there any vulnerabilities that can deface web sites?
- Hot
- Active
-
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
20 hrs ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
1 wk ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 2 Replies
4 wks ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
4 wks ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
2 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
2 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
3 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
3 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
3 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
3 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
4 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
4 mo ago -
Forum Thread: How to Run and Install Kali Linux on a Chromebook 18 Replies
5 mo ago -
Forum Thread: How to Find Admin Panel Page of a Website? 13 Replies
6 mo ago -
Forum Thread: can i run kali lenux in windows 10 without reboting my computer 4 Replies
6 mo ago -
Forum Thread: How to Hack School Website 11 Replies
6 mo ago -
Forum Thread: Make a Phishing Page for Harvesting Credentials Yourself 8 Replies
6 mo ago -
Forum Thread: Creating an Completely Undetectable Executable in Under 15 Minutes! 38 Replies
7 mo ago
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
Hack Like a Pro: How to Find Directories in Websites Using DirBuster
-
How To: Hack Android Using Kali (Remotely)
-
How To: Dox Anyone
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To: Make Your Own Bad USB
-
How To: Hack Apache Tomcat via Malicious WAR File Upload
-
How To: Scan Websites for Interesting Directories & Files with Gobuster
-
How To: Crack Shadow Hashes After Getting Root on a Linux System
-
How To: Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To: Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To: Intercept Images from a Security Camera Using Wireshark
-
How To: Get Root with Metasploit's Local Exploit Suggester
-
How To: Use Command Injection to Pop a Reverse Shell on a Web Server
-
How To: Find Passwords in Exposed Log Files with Google Dorks
-
How To: Create Custom Wordlists for Password Cracking Using the Mentalist
-
How To: Write an XSS Cookie Stealer in JavaScript to Steal Passwords
5 Responses
good question .
XSS maybe
Then DoS or DDoS maybe. But that won't be a vulnerability.
I guess any software/protocol being used by the web-server could turn into a vulnerability.
it's mean only way that can deface web site is SQLi?
You can use RFI (remote file inclusion) and/or arbitrary file upload exploits to get a PHP shell on there, then go from there.
C|H has a tutorial on here about hiding some PHP code in a JPEG to use as a connection to upload a shell. I wasn't able to get it to work, personally, but it wouldn't hurt to give it a shot ... https://null-byte.wonderhowto.com/how-to/upload-shell-web-server-and-get-root-rfi-part-1-0162818/
Share Your Thoughts