-
December 11th, 2001, 11:08 PM
#1
Member
Web site security flaws besides server exploits
An "acquaintance" of mine told me he got in trouble for hacking a web site. I took interest and asked him what web server the site was running and he said he didn't know. Are there some other types of vulnerabilities that I should worry about? Is there something I can do to protect my own server?
A buttered piece of bread always lands butter side down;
A cat always lands on its feet;
A cat with a buttered piece of bread strapped to its back hovers feet above the ground in a state of quantum indecision
-
December 11th, 2001, 11:30 PM
#2
If you're using IIS from m$ I'd make sure you have the latest patches installed.
-
December 12th, 2001, 12:50 AM
#3
Junior Member
There are always CGI vulnerabilities. He's probably a script kiddie though.
-
December 12th, 2001, 02:48 AM
#4
If he doesn't know what OS then he might be bullshitting you; even kiddies do have to know what OS the box runs on.
How will you run the right exploit if you don't know what you're dealing with? Oh OK, the programs do it for 'em.
Just patch your box and make sure it's not M$; even Linux is not advice you will get from me.
Try OpenBSD or a Mac running Webstar.
-
December 12th, 2001, 11:35 AM
#5
Senior Member
Based on my experience, as a system administrator (ahem), it depends on what you are running, and what it does...
"The more you ignore me... the closer i get!"
-
December 13th, 2001, 10:52 PM
#6
Member
Turns out he ran an exploit for the Apache server. I don't know why he said he didn't know what the server was; I think he misunderstood me. But thanks for the info.
-
December 13th, 2001, 11:14 PM
#7
Senior Member
no need to know o/s to hack a site
There is no need to know the o/s to "hack" a site. A lot of vulnerabilities are coded right into the pages that are displayed. But of course, it depends on what you are calling a "hack" ... a definition of terms is needed.
When I do a security assessment I sit down at a browser and just start viewing the pages and links and source code. My 1st question isn't ever "is it apache or IIS?" nor is it "is it running on *nix or Win?" My first question is: "What's going on here? What can I do?" I let my curiosity lead.
Most of the time, with corporate entities, the systems ppl and the pgmrs aren't in cahoots. Also, the systems ppl will have hardened the o/s... it's the pgmrs that are sloppy and create the vulnerabilities... holes in PHP, ASP or other CGI components.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
Noah built the ark BEFORE it rained.
http://ld.net/?rn
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
-
December 13th, 2001, 11:28 PM
#8
Hmm, well, if I were to hack a site... I would normally check the CGI for flaws or holes.
And when you refer to "hacking a website", what do you mean by that?
Did your friend access the server's files? Or did he get inside through the login page without logging in?