Security Basics mailing list archives
RE: How webpage defacement possible just using web hacking?
From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Wed, 09 Mar 2005 16:27:44 +0000
Hi there Monty,Are you able to tell us if there was any other web applications running on the website / web spave e.g. a forum / billetin board system, chat room, etc? This is a common way in which milicious system crackers crack (or hack as you say) into web servers.
Kindest of regards, Hamish Stanaway, CEO Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New Zealand http://www.webhosting.net.nz http://www.buywebhosting.co.nz http://www.koreworks.com
From: "Monty Ree" <chulmin2 () hotmail com> To: security-basics () securityfocus com Subject: How webpage defacement possible just using web hacking? Date: Wed, 09 Mar 2005 00:55:50 +0000 MIME-Version: 1.0 X-Originating-IP: [222.235.68.254] X-Originating-Email: [chulmin2 () hotmail com] X-Sender: chulmin2 () hotmail comReceived: from [205.206.231.27] ([205.206.231.27]) by mc2-f12.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 8 Mar 2005 21:49:54 -0800 Received: from no.name.available by [205.206.231.27] via smtpd (for [65.54.190.7] [65.54.190.7]) with ESMTP; Tue, 8 Mar 2005 21:49:54 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid C3D99236FB8; Tue, 8 Mar 2005 19:38:55 -0700 (MST)Received: (qmail 8809 invoked from network); 9 Mar 2005 01:11:55 -0000 X-Message-Info: 6sSXyD95QpUpYOP2Bn5UQ49DybFffGX0JNNjCnDrpIE= Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus comX-OriginalArrivalTime: 09 Mar 2005 00:55:50.0974 (UTC) FILETIME=[BD25CDE0:01C52442] Return-Path: security-basics-return-33010-koremeltdown=hotmail.com () securityfocus comHello, all. Some days ago, a site is defacemented by web hacking.I guess that some attacker gained web server permission using web application vuln. and changed index file. Surely, the attacker did gain just nobody privilege(web server user) not root privilege and the index file permission is 644 with other user owned.(and there is no write permission at directory)I guess that it is impossible to change index file just nobody privilege. But most webpage defacement is occured using web application vuln. by php or cgi something like that.Of course, it will be possible that vulnerable cgi is set suid. but most is not.Any idea? Thanks in advance. _________________________________________________________________°í.. °¨.. µµ.. »ç.. ¶û.. ¸¸.. µé.. ±â.. MSN ·¯ºê http://www.msn.co.kr/love/
Current thread:
- How webpage defacement possible just using web hacking? Monty Ree (Mar 08)
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 09)
- Message not available
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 10)
- Message not available
- Re: How webpage defacement possible just using web hacking? Eduardo Kienetz (Mar 09)
- <Possible follow-ups>
- RE: How webpage defacement possible just using web hacking? Hamish Stanaway (Mar 09)