Board: Project Development
Re: [Hack-A-Thon: Round 2 is a go!] Hack my site {Server back up}
by brandon@sourcewerks on 19/08/2011, 23:40:56 UTC
Nitpicking...

Apache/2.2.17 (Ubuntu)
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

PHP/5.3.5-1ubuntu7
Your PHP version is being displayed in HTTP response.

Cookie was not marked as HTTPOnly
HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.

register_password form field in login.php allows autocomplete
disable autocomplete

Apache MultiViews option is enabled
This vulnerability can be used for locating and obtaining access to some hidden resources.

Say when...  Grin
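An added example, not code from the thread: a small checker that runs the header and form findings from the post above over a constructed weak response and a constructed hardened one, pairing each finding with the Apache or php.ini setting that fixes it. The sample responses are made up here and are not captured from the site being tested.

```python
import re

# Constructed samples (not captured from the site in the thread): the first
# reproduces the weaknesses listed in the post, the second has them fixed.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.17 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.5-1ubuntu7\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<form action="login.php"><input type="password" name="register_password"></form>'
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"  # what ServerTokens Prod leaves in the header
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<form action="login.php"><input type="password" name="register_password" autocomplete="off"></form>'
)

def split_response(raw):
    # Split a raw HTTP response into [(header, value), ...] and the body.
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def audit(raw):
    """Return (finding, fix) pairs for the header and form issues raised in the post."""
    headers, body = split_response(raw)
    findings = []
    for name, value in headers:
        if name == "server" and re.search(r"/\d", value):  # product/version present
            findings.append(("Server header leaks version: " + value,
                             "ServerTokens Prod and ServerSignature Off in apache2.conf"))
        elif name == "x-powered-by" and "php" in value.lower():
            findings.append(("PHP version exposed: " + value,
                             "expose_php = Off in php.ini"))
        elif name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:
                findings.append(("cookie without HttpOnly: " + value.split(";")[0],
                                 "session.cookie_httponly = 1 in php.ini"))
    for tag in re.findall(r"<input[^>]*>", body, flags=re.I):
        if 'type="password"' in tag.lower() and "autocomplete" not in tag.lower():
            findings.append(("password field allows autocomplete: " + tag,
                             'add autocomplete="off" to the input'))
    return findings
```

The MultiViews finding is not covered, since it needs a request for a resource without its extension rather than a look at one response; it is fixed with `Options -MultiViews` in the relevant `<Directory>` block.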