Summary: The 10 vulnerabilities hackers exploit most easily - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62200923174
Type myhack58
Reporter Anonymous
Modified 2009-05-10T00:00:00


Application-level security vulnerabilities usually do not spread as easily as the SirCam e-mail virus or the Code Red worm, but they still cause plenty of damage, from theft of merchandise or information to taking an entire website down. Making a web application secure is not a simple matter, and unfortunately attacking one is very easy.

A hacker will typically spend several hours getting familiar with a web application, thinking like the programmer who wrote it in order to work out which holes were left in during development, and then interacting with the application and its supporting systems through the browser in malicious ways, causing anything from minor to major damage.

To prevent these problems, companies must identify the weaknesses in their websites and then close the gaps that hackers are likely to exploit. This article lists and explains the website weaknesses that are most easily exploited by hackers.

Identify the problem

As CTO of Sanctum, I have helped many companies identify and remediate web application security issues. Sanctum also provides security consulting services, long-term defensive technology for comprehensive network security, and verification tools, which have helped many e-commerce companies solve a large number of application-level security issues.

Sanctum has examined more than 100 top sites, simulating hacker attacks, and found that more than 97% of them had serious application-level issues that could be broken into in just a few hours. Sanctum's examination is usually called "goodwill hacking", because the customer requests and authorizes Sanctum to break into its site, accessing it as a user (or hacker) would, from outside the company's firewall and network.

Using Sanctum's automated application vulnerability assessment tool, AppScan, the examiners traverse the entire site, identify its application security policies, identify known and unknown vulnerabilities in the target site, and then simulate a hacker exploiting those vulnerabilities to attack the site. Each successful attack and the severity of each vulnerability are evaluated, and a detailed report with remediation recommendations is submitted to the company.

Common Vulnerabilities

Almost every website Sanctum examined had strict network-level security measures in place (e.g. firewalls and encryption), yet these sites still left a hacker able to break in and attack both the customers and the company.

1. Cookie poisoning - identity spoofing

By manipulating the cookie information stored in the browser, a hacker can masquerade as a legitimate user and access that user's information. Many web applications use client-side cookies to save information (user identity, timestamp, etc.). Because cookies are usually not encrypted, a hacker can modify them and use these "poisoned cookies" to deceive the application. A malicious user can then access that account and act as the real user would.
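The remedy for cookie poisoning is to bind the identity fields to a server-side secret so that an edited cookie fails verification. The following is an added example (not code from the article or from Sanctum), using a constructed secret key and a constructed cookie layout of `user=...;ts=...;sig=...`:

```python
import hmac
import hashlib

# Constructed example key; in a real deployment this is a server-side secret
# that is never sent to the browser.
SECRET_KEY = b"example-server-secret-do-not-reuse"


def parse_unsigned_cookie(cookie: str) -> dict:
    """The vulnerable pattern: the server trusts whatever fields the browser sends."""
    return dict(part.split("=", 1) for part in cookie.split(";") if "=" in part)


def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_cookie(user: str, ts: int, key: bytes = SECRET_KEY) -> str:
    """Issue a cookie whose identity fields carry an HMAC the client cannot forge."""
    payload = f"user={user};ts={ts}"
    return f"{payload};sig={_sign(payload, key)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the verified fields, or None if the cookie was altered or is malformed."""
    payload, sep, sig_part = cookie.rpartition(";")
    if not sep or not sig_part.startswith("sig="):
        return None
    expected = _sign(payload, key)
    supplied = sig_part[len("sig="):]
    # Constant-time comparison so the check does not leak the signature byte by byte.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    return parse_unsigned_cookie(payload)


def poisoned_cookie_rejected() -> bool:
    """Replays the scenario in the text: a user cookie edited to claim another identity.

    The unsigned parser accepts the edit; the signed verifier rejects it.
    """
    good = make_cookie("alice", 1241913600)          # constructed timestamp
    poisoned = good.replace("user=alice", "user=admin")
    return (verify_cookie(good)["user"] == "alice"
            and verify_cookie(poisoned) is None
            and parse_unsigned_cookie(poisoned)["user"] == "admin")
```

Signing stops tampering but not disclosure; fields that must stay secret still need encryption or should simply not be placed in the cookie.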

2. Manipulation of hidden fields - electronic shoplifting

Hackers can easily change a hidden field in a page's source code to alter an item's price. These fields are typically used to store customer session information so as to reduce the complex database work on the server side. Because e-commerce applications use hidden fields to hold the price of goods, Sanctum's examiners were able to view a site's source code, find the hidden field, and change the price. In a real environment nobody would notice the change, and the company would have to ship the merchandise at the altered price, and even give a discount.

3. Parameter tampering - fraud

This technique changes the parameters in a site's URL. Many web applications do not validate the CGI parameters embedded in hyperlinks. For example, this allowed a credit card limit as large as 500,000 yuan, bypassed a site's login screen, and permitted orders to be cancelled and customer information to be accessed.
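Items 2 and 3 share one root cause: state the browser can edit (a hidden price field, an order id in the URL) is used as if it were authoritative. The following added example (not code from the article or from Sanctum) shows the vulnerable pattern beside the hardened one: prices and credit limits come from a constructed server-side catalogue, an order id is checked against the logged-in user, and any mismatch is logged as a tamper indicator.

```python
import logging

log = logging.getLogger("checkout")

# Constructed catalogue, order store and limit standing in for the real database.
CATALOG = {"sku-100": 1999, "sku-200": 4999}              # prices in cents
ORDERS = {"A1": {"owner": "alice", "status": "open"},
          "B7": {"owner": "bob", "status": "open"}}
CREDIT_LIMIT_CENTS = 500_000


def vulnerable_total(form: dict) -> int:
    """Item 2 as described: the hidden 'price' field from the page is trusted as-is."""
    return int(form["price"]) * int(form["qty"])


def checkout_total(form: dict) -> int:
    """Hardened: the price comes from the catalogue; the hidden field is only evidence."""
    sku, qty = form["item"], int(form["qty"])
    if sku not in CATALOG or qty <= 0:
        raise ValueError("unknown item or bad quantity")
    price = CATALOG[sku]
    submitted = form.get("price")
    if submitted is not None and int(submitted) != price:
        # The genuine form always sends the catalogue price, so a mismatch
        # means the page was edited; record it for the operations team.
        log.warning("hidden-field mismatch sku=%s submitted=%s actual=%s",
                    sku, submitted, price)
    total = price * qty
    if total > CREDIT_LIMIT_CENTS:            # limit is a server value, never a parameter
        raise ValueError("exceeds credit limit")
    return total


def cancel_order(params: dict, session_user: str) -> bool:
    """Item 3: the order id from the URL is bound to the session user, not trusted."""
    order_id = params.get("order")
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        log.warning("order parameter rejected user=%s order=%s", session_user, order_id)
        return False
    order["status"] = "cancelled"
    return True
```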

4. Buffer overflow - business terminated

By using some form of data stream to overload the server with excess information, hackers are often able to bring the server down and shut the site.

5. Cross-site scripting - credit theft

A hacker enters malicious code into the website, and it runs on the target server; what looks like a harmless error script lets the hacker gain full access to the documents obtained, and the server may even be made to transfer a page's data to the hacker.
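The defence against cross-site scripting is to encode every user-supplied value for the HTML context it lands in, and to allow-list the scheme of any user-supplied link, since escaping alone does not neutralise a `javascript:` URL. The following is an added example (not code from the article or from Sanctum); the comment layout, the scheme allow-list and the treatment of relative links as disallowed are assumptions.

```python
import html
from urllib.parse import urlsplit

# Constructed allow-list: the only URL schemes a user-supplied link may use.
SAFE_SCHEMES = {"http", "https", "mailto"}


def render_comment_vulnerable(author: str, body: str, homepage: str) -> str:
    """The pattern behind XSS: user input pasted straight into the page markup."""
    return f'<p><a href="{homepage}">{author}</a>: {body}</p>'


def safe_link(url: str) -> str:
    """Reject links whose scheme is not allow-listed, then attribute-encode the rest."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in SAFE_SCHEMES:          # covers javascript:, data:, and relative URLs
        return "#"
    return html.escape(url, quote=True)


def render_comment(author: str, body: str, homepage: str) -> str:
    """Hardened: text nodes and the attribute value are each encoded for their context."""
    return (f'<p><a href="{safe_link(homepage)}">{html.escape(author)}</a>: '
            f'{html.escape(body)}</p>')


def contains_raw_markup(rendered: str) -> bool:
    """Heuristic check for a test suite or log scanner: did raw script or handler markup survive?"""
    lowered = rendered.lower()
    return ("<script" in lowered or "onerror=" in lowered
            or 'href="javascript:' in lowered)
```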

6. Backdoors and debug options - intrusion

Programmers often leave debug options in a program before the website officially goes live. Sometimes, in a hurry, they forget to close these loopholes, which let hackers freely access sensitive information.

7. Forced browsing - forced intrusion

By changing the program flow, a hacker can access information and parts of the program that would normally be unobtainable, such as log files, administration tools and the web application's source code.

8. Hidden commands - the secret weapon

Hackers often plant dangerous commands through a Trojan infection and then destroy the site by running malicious or unauthorized commands.

9. Third-party errors - weakening the website

Once a vulnerability is published and corrected on a public website (such as SecurityFocus), hackers learn of these new security vulnerabilities. For example, through a configuration error, a hacker can create a new database, avoiding intrusion methods that would not work on the website.

10. Known vulnerabilities - taking control of the site

The technologies each site uses have some inherent defects, which a persistent hacker will exploit. For example, Microsoft's ASP technology can be used to obtain the administrator password and then take control of the entire site.