Page 1 of 1
exploit mod_ssl?
Posted: 28 Mar 2006, 10:04
by elf
an site have a hole, named 'Old mod_ssl versions might be susceptible to security flaws'
how to 'use' it? =)
Posted: 28 Mar 2006, 10:49
by bad_brain
first you need to know the exact version, then check on the well-known sites like packetstormsecurity or milw0rm for an exploit.
but donĀ“t expect to find something like an .exe where you can klick a button, you will most likely have to edit/compile the codes by yourself...some codes may even contain errors which are included to keep skiddies away from using them.
Posted: 28 Mar 2006, 14:32
by elf
unfortunately I AM a sk... yet.
but everybody first must be a sk - wrong?
i found the file written in C. i will see what i can do...
may i expect some edification?
this is the server: Apache-AdvancedExtranetServer
/2.0.50 (Mandrakelinux/7.2.101mdk) mod_log_sql
/1.98 mod_auth_external
/2.2.7 auth_radius
/1.7PR1 AuthentiCache
/2.0.6 mod_ssl
/2.0.50 OpenSSL
/0.9.7d PHP
/4.3.8
what means every line?
Posted: 28 Mar 2006, 17:20
by CommonStray
since its written in C, you can d/l a compiler you can run from cmd.exe (command prompt)