Security Basics mailing list archives
Re: Web site defacing
From: Steven <swierckxlists () gmail com>
Date: Mon, 14 Nov 2011 19:02:37 +0100
Hello,

It depends a bit on what you mean by defacing. Normally defacing means you add text or pictures on a (the landing) page with some kind of message. For this to happen you need to be able to save the HTML with the changed content on the web server. You will need some kind of rights to upload files to the web server to pull this off. XSS could also be used if you can save your XSS somewhere (think comments, forum etc.).
If you mean stealing data from a website then you could use SQL Injection. If the webmaster was so careless as to save passwords to the database, you could use this attack to find a login with enough rights to upload files. If the webmaster was then also careless, you could perhaps even upload a new index.html.
Prevention consists of protecting against the OWASP top-10 (remote file include and SQLI and XSS would be your main areas of interest for defacing).
Defacing websites used to be a hot thing in the past. These days it is less used, since there are many more dangerous attacks possible than uploading some silly message to a web server.
A nice archive of defaced websites is http://www.zone-h.org/archive

Greets
Steven
www.iHackForFun.eu

On 11/14/2011 08:34 AM, a bv wrote:
Hi,
what kind of vulnerabilities, methodologies does it allow to deface a web site? And what must be the countermeasures regarding these?
Regards
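Added example, not part of Steven's message or the original thread: a minimal comment store showing the two countermeasures the reply points at for user-supplied content, bound SQL parameters (SQL injection) and HTML escaping on output (stored XSS in comments). The table layout, function names and sample strings are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs (assumptions, not from the post): a comment body
# carrying markup, and an author value carrying SQL metacharacters.
SAMPLE_COMMENT = "<h1>constructed banner</h1><script>/* placeholder */</script>"
SAMPLE_AUTHOR = "x' OR '1'='1"


def open_db():
    """In-memory database with a hypothetical comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db


def add_comment(db, author, body):
    # Bound parameters: values travel as data and are never parsed as SQL.
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))


def comments_by(db, author):
    # Same rule on reads: the author value cannot alter the WHERE clause.
    cur = db.execute("SELECT body FROM comments WHERE author = ?", (author,))
    return [row[0] for row in cur.fetchall()]


def render_unsafe(bodies):
    # 'Before' form: stored text is pasted into the page as markup, so a
    # saved comment can change what every visitor sees.
    return "<ul>" + "".join(f"<li>{b}</li>" for b in bodies) + "</ul>"


def render_safe(bodies):
    # 'After' form: escape at output time so stored text stays text.
    items = "".join(f"<li>{html.escape(b, quote=True)}</li>" for b in bodies)
    return "<ul>" + items + "</ul>"


if __name__ == "__main__":
    db = open_db()
    add_comment(db, "alice", SAMPLE_COMMENT)
    add_comment(db, "bob", "hello")
    # The metacharacters match no author, so no rows come back.
    print(comments_by(db, SAMPLE_AUTHOR))
    print(render_unsafe(comments_by(db, "alice")))
    print(render_safe(comments_by(db, "alice")))
```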