Security Basics mailing list archives
Re: Web site defacing
From: synja () synfulvisions com
Date: Mon, 14 Nov 2011 19:06:43 +0000
In one case, I was able to grab SQL credentials from a site on a shared host, and simply purchased my own account to use those credentials. Never *ever* leave passwords visible in "view source." Rob Sent on the Sprint® Now Network from my BlackBerry® -----Original Message----- From: "Littlefield, Tyler" <tyler () tysdomain com> Sender: listbounce () securityfocus com Date: Mon, 14 Nov 2011 10:44:19 To: <security-basics () securityfocus com> Reply-To: tyler () tysdomain com Subject: Re: Web site defacing On 11/14/2011 12:34 AM, a bv wrote:
Hi, what kind of vulnerabilities , methodologies does it allow to deface a web site? And what must be the countermeasures regarding these?
There are numerous issues that can allow this. The thing to keep in mind, is "defacing" only requires alteration of the content. So, this means access to how the content is stored. If you are using static html pages, that could be done through FTP or whatever mechenism you use to upload your content to the site. If you use dynamic content, such as a CMS system, that could be done by accessing the database where the content is stored, either through connecting to the database server, using sql injections, etc.
Regards ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- Take care, Ty Web: http://tds-solutions.net The Aspen project: a light-weight barebones mud engine http://code.google.com/p/aspenmud Sent from my toaster. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Web site defacing a bv (Nov 14)
- Re: Web site defacing haZard0us (Nov 14)
- Re: Web site defacing Steven (Nov 14)
- Re: Web site defacing Littlefield, Tyler (Nov 14)
- Re: Web site defacing synja (Nov 14)
- Message not available
- Re: Web site defacing Harshvardhan Parmar (Nov 15)
- Re: Web site defacing Littlefield, Tyler (Nov 15)
- RES: Web site defacing Fábio Soto (Nov 15)
- Re: RES: Web site defacing synja (Nov 15)
- Re: RES: Web site defacing gold flake (Nov 16)
- Re: RES: Web site defacing Michele Orru (Nov 16)
- Re: Web site defacing Harshvardhan Parmar (Nov 15)
- Re: Web site defacing Dan Demeter (Nov 16)
- <Possible follow-ups>
- Re: Web site defacing akash . sharda (Nov 14)
- Re: Re: Web site defacing akash . sharda (Nov 17)