Security Basics mailing list archives

Re: Web site defacing

From: synja () synfulvisions com
Date: Mon, 14 Nov 2011 19:06:43 +0000

In one case, I was able to grab SQL credentials from a site on a shared host, and simply purchased my own account to 
use those credentials.

Never *ever* leave passwords visible in "view source."

Rob
Sent on the Sprint® Now Network from my BlackBerry®

-----Original Message-----
From: "Littlefield, Tyler" <tyler () tysdomain com>
Sender: listbounce () securityfocus com
Date: Mon, 14 Nov 2011 10:44:19 
To: <security-basics () securityfocus com>
Reply-To: tyler () tysdomain com
Subject: Re: Web site defacing

On 11/14/2011 12:34 AM, a bv wrote:

Hi,

what kind of vulnerabilities , methodologies does it allow to deface a
web site? And what must be the countermeasures regarding these?

There are numerous issues that can allow this. The thing to keep in 
mind, is "defacing" only requires alteration of the content. So, this 
means access to how the content is stored.
If you are using static html pages, that could be done through FTP or 
whatever mechenism you use to upload your content to the site.
If you use dynamic content, such as a CMS system, that could be done by 
accessing the database where the content is stored, either through 
connecting to the database server, using sql injections, etc.

Regards

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



-- 

Take care,
Ty
Web: http://tds-solutions.net
The Aspen project: a light-weight barebones mud engine
http://code.google.com/p/aspenmud

Sent from my toaster.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Web site defacing a bv (Nov 14)
- Re: Web site defacing haZard0us (Nov 14)
- Re: Web site defacing Steven (Nov 14)
- Re: Web site defacing Littlefield, Tyler (Nov 14)
  - Re: Web site defacing synja (Nov 14)
- Message not available
  - Re: Web site defacing Harshvardhan Parmar (Nov 15)
    - Re: Web site defacing Littlefield, Tyler (Nov 15)
    - RES: Web site defacing Fábio Soto (Nov 15)
    - Re: RES: Web site defacing synja (Nov 15)
    - Re: RES: Web site defacing gold flake (Nov 16)
    - Re: RES: Web site defacing Michele Orru (Nov 16)
    - Re: Web site defacing Dan Demeter (Nov 16)
- <Possible follow-ups>
- Re: Web site defacing akash . sharda (Nov 14)
- Re: Re: Web site defacing akash . sharda (Nov 17)