Sensitive Endpoints

Apache Server Status

# Apache server-status is a monitoring page provided by Apache.
# It is available by default at http://example.com/server-status.
# Normally, the server-status page is not accessible from non-local IPs.
# However, due to misconfiguration, it can be publicly accessible.
# This lets anyone view the large amount of data that server-status exposes.

# Data exposed:
# - All URLs requested by all hosts/vhosts, including obscure files/directories and session tokens
# - IP addresses of all requesting clients
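
# Added example (not part of the original notes): a configuration audit that finds the misconfiguration described above by flagging <Location> blocks that serve server-status without a local-only restriction.
# Assumes Apache 2.4 `Require` syntax; the sample configuration and the name audit_status_blocks are constructed for illustration.

```python
import re

# Constructed sample configuration (not from any real server): one block open
# to everyone, one restricted to local requests, one with no access rule.
SAMPLE_CONF = '''
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>

<Location /status-internal>
    SetHandler server-status
    Require local
</Location>

<Location "/legacy-status">
    SetHandler server-status
</Location>
'''

BLOCK_RE = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', re.I | re.S)

def audit_status_blocks(conf_text):
    """Return {path: verdict} for every <Location> block that serves server-status."""
    findings = {}
    for path, body in BLOCK_RE.findall(conf_text):
        # Ignore blank lines and commented-out directives.
        lines = [l.strip().lower() for l in body.splitlines()]
        lines = [l for l in lines if l and not l.startswith('#')]
        if not any(re.fullmatch(r'sethandler\s+server-status', l) for l in lines):
            continue
        requires = [l for l in lines if l.startswith('require ')]
        if any(re.fullmatch(r'require\s+all\s+granted', l) for l in requires):
            findings[path] = 'EXPOSED: Require all granted'
        elif not requires:
            # Access is inherited from the enclosing context; needs a manual look.
            findings[path] = 'REVIEW: no Require directive in block'
        else:
            findings[path] = 'restricted: ' + '; '.join(requires)
    return findings

if __name__ == '__main__':
    for path, verdict in audit_status_blocks(SAMPLE_CONF).items():
        print(f'{path:20} {verdict}')
```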

# Monitoring and exploiting Server Status
https://github.com/mazen160/server-status_PWN
python server-status_PWN.py --url 'http://example.com/server-status'