I found a potentially dangerous security bug. In the command line course, you can run the command ab, which is designed to stress test webservers. This command should be out of bounds because you can use it to (D)DoS Apache webservers.

I hope I posted in the right place :)

Thank you for posting; we will verify whether this really poses a problem. I doubt it, given you run in a sandbox, which has limits in place; making too many requests will very likely drop the connection.

I ran the command and it sent over 10 000 requests. I don’t know how fast the requests were sent and how your sandboxing system works, so I don’t know if it’s a viable DDoS tool. However, is this command used in a lesson? If not, just disable it…

No, it is not used. I will inform the engineers.

