Merged
2 changes: 1 addition & 1 deletion content/learning-path/4/module-1.en.md
Expand Up @@ -48,7 +48,7 @@ Infrastructure software with vulnerabilities is usually discovered via vulnerabi

## Skill Check

Look up 2 CVEs which are listed on [https://www.opencve.io/cve](https://www.opencve.io/cve) or another CVE database. Pick those which are both described in some depth (CVE databases usually link out to external writeups which contain such details) and have a vulnerability rating. Since CVEs can often be very technical, select those which deal with a topic or technology which you are comfortable with. Answer the following questions: \
Look up 2 CVEs which are listed on [https://www.opencve.io/cve](https://www.opencve.io/cve) or another CVE database. Pick those which are both described in some depth (CVE databases usually link out to external writeups which contain such details) and have a vulnerability rating. Since CVEs can often be very technical, select those which deal with a topic or technology which you are comfortable with. Answer the following questions:

- Broadly speaking, what is the CVE about? What is the flaw or vulnerability that the attacker could exploit?
- Do you know of any people or organizations whose systems an adversary could exploit using this CVE? What if this CVE is combined with other vulnerabilities?
5 changes: 4 additions & 1 deletion content/learning-path/6/module-2.en.md
Expand Up @@ -463,7 +463,7 @@ For those exercises, we use nginx log files from [this collection](https://githu
3. Examine` error.log` by running `more error.log`. You can quit this command with ctrl+c or press the “q” key to return command prompt. Excluding "PHP Notice" errors. What kind of critical errors can you find in the log?
4. Exclude PHP errors from the error.log and find the lines where requests are denied due to security rules. Which sensitive file has been requested?

#### Practice exercise 4: answers
{{< question title="Practice exercise 4: answers" >}}

Exercise 1: \
Correct answer: 113 lines
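Review bot: The opener `{{< question title="Practice exercise 4: answers" >}}` uses the `{{< >}}` delimiter form, and the body it wraps is Markdown (the `Exercise 1: \` hard breaks here and the backticked values further down). Hugo passes the inner content of `{{< >}}` shortcodes through without Markdown rendering unless the shortcode template renders it itself, so please confirm the `question` template does that, or use the `{{% question ... %}}` form instead. Replacing the `#### Practice exercise 4: answers` heading also removes its heading anchor and table-of-contents entry, so check that nothing links to it.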
Expand Down Expand Up @@ -493,6 +493,9 @@ Correct answer: `.git/config`

Command(s) to execute: `cat nginx_error.log|grep -v "PHP"|grep forbidden`

{{< /question >}}


## Skill Check

This skill check will be much easier if you’ve first completed the practice exercise above.
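Review bot: Two blank lines now follow `{{< /question >}}` before `## Skill Check`; one is enough and matches the spacing in the rest of this hunk. While this answer block is being touched, note that the command in it reads `cat nginx_error.log|grep -v "PHP"|grep forbidden`, whereas the exercise steps in the previous hunk refer to `error.log`; the file name should be made consistent so learners can copy the command as written.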