Results 1 to 8 of 8

Thread: Web site security flaws besides server exploits

  1. #1

    Web site security flaws besides server exploits

    An "acquaintance" of mine told me he got in trouble for hacking a web site. I took interest and asked him what web server the site was running and he said he didn't know. Is there some other types of vulverabilities that I should worry about, is there something I can do to protect my own server?
    A buttered piece of bread always lands butter side down;
    A cat always lands on its feet;
    A cat with a buttered piece of bread strapped to its back hovers feet above the ground in a state of quantum indecision

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    If your using IIS from m$ I'd make sure you have the latest patches installed.

  3. #3
    Junior Member
    Join Date
    Oct 2001
    Posts
    9
    There's always cgi vulnerabilities. He's probably a script kiddie though.

  4. #4
    If he doesn't know what OS then he might be bullshitting you, even kiddies do have to know what OS the box runs on.
    How will you run the right exploit if you don't know what your dealing with. Oh ok the programs do it for em.
    Just patch your box and make sure it's not M$, even Linux is not an advice you will get from me.
    Try OpenBSD or a Mac running Webstar.

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    168
    base on my experience, as a system administrator (ahemm), it depends on what you are running, and what does it do...
    \"The more you ignore me... the closer i get!\"

  6. #6
    turns out, he ran an exploit for the apache server, I don't know why he said he didn't know what the server was, I think he misunderstood me. But thanks for the info.
    A buttered piece of bread always lands butter side down;
    A cat always lands on its feet;
    A cat with a buttered piece of bread strapped to its back hovers feet above the ground in a state of quantum indecision

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    Arrow no need to know o/s to hack a site

    There is no need to know the o/s to "hack" a site. A lot of vulnerabilities are coded right into the pages that are displayed. But of course, it depends on what you are calling a "hack" ... a definition of terms is needed.

    When I do a security assessment I sit down at a browser and just start viewing the pages and links and source code. My 1st question isn't ever "is it apache or IIS?" nor is it "is it running on *nix or Win?" My first question is: "What's going on here? What can I do?" I let my curiosity lead.

    Most of the time, with corporate entities, the systems ppl and the pgmrs aren't in cahoots. Also, the systems ppl will have hardened the o/s....it's the pgmrs that are sloppy and create the vulnerabilities....holes in php, asp or other cgi components.
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=

  8. #8
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    hmm well if i were to hack a site.. i would normally check the CGI for flaws or holes..

    and when u refer to "hacking a website" what do u mean by that?
    did your friend accessed the server's files? or he got inside through the login page with out logging in?..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •