Cpanel Exposed

Description

The administrator login page is accessible to any IP address.

Business Impact

An attacker could use the exposed login page to run brute-force attacks against user accounts, create a look-alike phishing page, and more.

Recommendation

Define which IP addresses are allowed to access the administrator’s login page.
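
One way to enforce this recommendation at the application layer, shown as an added example that is not part of the original finding. The networks, the proxy address and the function names are assumptions chosen for illustration (documentation ranges), and the check fails closed on anything it cannot parse.

```python
import ipaddress

# Assumed values for illustration only (RFC 5737 / RFC 3849 documentation ranges).
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",      # office egress range (hypothetical)
    "198.51.100.7/32",     # VPN concentrator (hypothetical)
    "2001:db8:10::/48",    # IPv6 office range (hypothetical)
)]
# Reverse proxies whose X-Forwarded-For header we are willing to believe.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _parse(text):
    """Parse an address; unwrap ::ffff:a.b.c.d so IPv4 rules still apply on dual-stack listeners."""
    addr = ipaddress.ip_address(text.strip())
    return getattr(addr, "ipv4_mapped", None) or addr


def _in_any(addr, networks):
    return any(addr.version == net.version and addr in net for net in networks)


def client_ip(peer, forwarded_for=None):
    """Return the address to authorise.

    The TCP peer is used unless it is one of our own proxies; only then is the
    right-most X-Forwarded-For entry (the one our proxy appended) trusted.
    """
    addr = _parse(peer)
    if forwarded_for and _in_any(addr, TRUSTED_PROXIES):
        addr = _parse(forwarded_for.split(",")[-1])
    return addr


def admin_login_allowed(peer, forwarded_for=None):
    """True only when the resolved client address is inside the allow-list."""
    try:
        return _in_any(client_ip(peer, forwarded_for), ADMIN_ALLOWLIST)
    except ValueError:
        return False  # malformed address or header: deny


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [("203.0.113.25", None), ("192.0.2.44", "203.0.113.25"),
                      ("10.0.0.5", "192.0.2.44, 203.0.113.25")]:
        print(peer, xff, "->", "allow" if admin_login_allowed(peer, xff) else "deny")
```

The same allow-list should also be applied at the firewall or reverse proxy so that denied clients never reach the login page at all.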

Reference

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces
