What are some common exploits?
CGI scripts
CGI scripts are server-side programs that generate dynamic web sites. A typical CGI script is formmail.cgi, which allows users to send e-mails to the website administrator without making use of an e-mail client. Other attacks that make use of CGI scripts include cross-site scripting, SQL command injection, and path traversal.

Web server attacks
Many times the web server itself could have security holes. Both Apache on UNIX and IIS on Windows NT have their share of root or SYSTEM vulnerabilities. An unpatched IIS 5 is vulnerable to the UNICODE directory traversal attack, where attackers are able to execute files such as CMD.exe to gain a remote shell. Another common bug is a buffer overflow in the request field or in one of the other HTTP fields.

Web browser attacks
Most modern web browsers have a series of security loopholes. Typical software vulnerabilities like format string and buffer overflow attacks are also found in HTTP clients (such as Internet Explorer and Netscap
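
As an added example (not code from the original page), the Python sketch below shows one defence against the path traversal and UNICODE directory traversal attacks mentioned above: decode the request path once, reject double-encoded or overlong UTF-8 forms, canonicalise, and only then check that the result stays under the document root. The document root, the function names and the sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

DOCROOT = "/var/www/html"  # assumed document root, for illustration only

class RejectedPath(Exception):
    """The request path must not be mapped to a file."""

def naive_check(raw_path):
    """Flawed: looks for '..' in the raw path, before any decoding."""
    return ".." not in raw_path.split("/")

def resolve(raw_path, docroot=DOCROOT):
    """Decode once, validate, canonicalise, then check containment."""
    try:
        once = unquote_to_bytes(raw_path.encode("ascii"))
        if unquote_to_bytes(once) != once:
            raise RejectedPath("double-encoded path")
        # Strict UTF-8 decoding refuses overlong forms such as C0 AF for '/'.
        text = once.decode("utf-8")
    except UnicodeError as exc:
        raise RejectedPath("invalid or overlong encoding") from exc
    if "\x00" in text or "\\" in text:
        raise RejectedPath("NUL or backslash in path")
    full = posixpath.normpath(posixpath.join(docroot, text.lstrip("/")))
    if full != docroot and not full.startswith(docroot + "/"):
        raise RejectedPath("escapes document root")
    return full

def verdict(raw_path):
    """Return (naive_check result, resolved path or rejection reason)."""
    try:
        return naive_check(raw_path), resolve(raw_path)
    except RejectedPath as exc:
        return naive_check(raw_path), f"rejected: {exc}"

# Constructed request paths, not taken from real traffic.
SAMPLES = [
    "/index.html",
    "/img/../index.html",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/scripts/..%c0%af../file",
    "/%252e%252e/file",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", verdict(p))
```

The naive check passes every encoded sample because it inspects the path before decoding, while it refuses the harmless `/img/../index.html` that canonicalisation resolves safely inside the document root.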