NFR Wizards Archive: Web Site Hacks

Web Site Hacks


Edward Cracknell (edwardsecurIT.net)
Tue, 2 Dec 1997 21:10:19 GMT


Web Site Hacks:

Phillip Mau <philbodmc.net> wrote:

<SNIP>

Philip raised a great thread in a direct mail to me, the essence of it
was how web sites could be compromised. As a Java dunce, I'd love some
input from you guys. Here's how I see it:

Assuming the Web server is not read only, and is in front of the
firewall:

a) The usual host OS exploits can result in changes being made to the
web server.

ftp, telnet, smtp etc.

Assuming the Web server is behind the firewall and only http is allowed:

a) The ability to run cgi-bin scripts or html form processing in a way
which will create an html page as output. (Many form-based pages take
input and produce a page for output). As a result, it might be possible
to create a page that contains a URL like:

<A HREF=telnet://target.system.behind.firewall> Click here </A>

This would generally allow a telnet session from the web server to the
target system and the firewall rules of ONLY http allowed through would
not stop this.

b) The ability to directly upload cgi scripts or malicious code/applets
is an obvious threat. Firewall should block this from the untrusted
network.

c) Attacks made to the DNS parent of your web site (ISP) to 'point'
traffic elsewhere

The mechanisms for http authentication might be secure, but take point c
in my list above......how many organisations check the 'hackability' of
their ISP's DNS servers?

I know I've missed all the ActiveX and Java. Can we thrash these
vulnerabilities out here?

-----------------------------------------------------------------
Edward Cracknell - <edwardSecurIT.net>
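
The form-processing case in point (a) above, seen from the web server's side, as an added example that is not part of the original post: a handler that pastes form input into its output page turns a submitted anchor into a live link, while output encoding and a URL scheme allow-list prevent that. The function names and the http/https allow-list are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: the site only ever needs to link to ordinary web pages.
ALLOWED_SCHEMES = {"http", "https"}


def render_unsafe(comment):
    # 'Before' form: input is pasted straight into the page,
    # so any markup the user submitted becomes live HTML.
    return "<html><body><p>You wrote: " + comment + "</p></body></html>"


def render_escaped(comment):
    # Output encoding: <, >, & and quotes become entities,
    # so submitted markup is displayed as text instead of rendered.
    safe = html.escape(comment, quote=True)
    return "<html><body><p>You wrote: " + safe + "</p></body></html>"


def safe_link(url, label):
    """Build an anchor from a user-supplied URL.

    Returns None when the URL is malformed, has no host, or uses a
    scheme outside ALLOWED_SCHEMES (telnet:, ftp:, and so on).
    """
    candidate = url.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return '<a href="%s">%s</a>' % (
        html.escape(candidate, quote=True),
        html.escape(label),
    )


# Constructed sample input, modelled on the anchor quoted in the post.
SAMPLE = "<A HREF=telnet://target.system.behind.firewall> Click here </A>"

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))    # anchor is live markup in the page
    print(render_escaped(SAMPLE))   # anchor is shown as inert text
    print(safe_link("telnet://target.system.behind.firewall", "Click here"))
    print(safe_link("http://www.example.com/", "Home"))
```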



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:54 CDT