[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Epic Web Honeypot 2.0a - Fingerprinting Vulnerability

To: Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Epic Web Honeypot 2.0a - Fingerprinting Vulnerability
From: <gionreale@xxxxxxxxxxxx>
Date: Sun, 19 May 2019 10:53:11 +0200 (CEST)

The Epic Web Honeypot Project aims to lure attackers using various types of web 
vulnerability scanners by tricking them into believing that they have found a 
vulnerability on a host.

Version 2.0a fails to avoid fingerprinting by including predictable data and 
size within index.html(the main file). Giving attackers the ability to detect 
and avoid this system.


Discovered by Gionathan Armando Reale

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
Next by Date: [FD] Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass
Previous by thread: [FD] local privilege escalation via CDE dtprintinfo
Next by thread: [FD] Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass
Index(es):
- Date
- Thread