HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process to gain access to a protected directory contents. Presumably, if such an attack is successful, you can launch further attacks such as SQL Injection, Local File Inclusion, Remote File Inclusion, etc. on discovered files.
Features of HTExploit:
- Multiples modules to execute.
- Save the output to an specify directory.
- HTML Reporting.
- Use multiples wordlist to probe against htaccess bypassing.
- Mode verbose for a full detailed information.
- Multi-platform and flexible.
The vulnerability exists because web servers like Apache forward PHP-based requests within .htaccess to the PHP engine itself. The .htaccess file allows you to specify the requests get sent to PHP to try to interpret. However, on encountering non-standard input, PHP automatically treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem, bypassing security restrictions!
Facebook Comments Plugin by Master cMs>
Do you like this post? Please link back to this article by copying one of the codes below.
URL Of Post:
HTML Link Code:
BB (forum) link code:
0 comments:
Post a Comment