You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<li>If application server is configured to run as root, an attacker can run malicious scripts (by exploiting eval family functions) or start new child processes on server</li>
<li>Read, write, delete files on file system. Create and run binary files</li>
<li>If sever mis-configured to leak internal implementation details via cookie names or HTTP response headers, then attacker can use this information towards building site's risk profile and finding vulnerabilities
<li>If the server is misconfigured to leak internal implementation details via cookie names or HTTP response headers, then attacker can use this information towards building site's risk profile and finding vulnerabilities
</li>
<li>If request body size is not limited, an attacker can upload large size of input payload, causing server run out of memory, or make processor and event loop busy.</li>
