My OperaWeb Hacking
Thursday, April 3, 2008 3:15:44 PM
Things to know:
=- Vulnerability : a security hole, can be exploited to change the way the webapp / software works / functions.
=- CMS's, Forums uses DataBases to store the info like users, posts, threads, messages and so on, its usually / mostly a MySQL server.
=- RFI [ Remote File Inclusion ] : a malicious user can include a 'bad' code to be executed on the vulnerable site.
=- LFI [ Local File Inclusion ] : a malicious user can open any file on the server.
=- SQL Injection : Injecting a MySQL query to bypass or get more info from a DataBase.
=- XSS [ Cross Site Scripting ] : if it was a permanent vulnerability, where the users input is saved, the user can log cookies, IP, and much more...
=- Exploit : a script made to maliciously use a vulnerability.
We are going to take each vulnerability, and take alook at what goes wrong with the web developer, that made the script vulnerable...
=- RFI ::
RFI's are exploited by including a 'bad' code from another site, to the infected site, for example you can include a PHP-Shell, and execute command on the server using it...
this vulnerability is very dangerous, a site infected with it can be compromised easily...
Learn more here....
=- Vulnerability : a security hole, can be exploited to change the way the webapp / software works / functions.
=- CMS's, Forums uses DataBases to store the info like users, posts, threads, messages and so on, its usually / mostly a MySQL server.
=- RFI [ Remote File Inclusion ] : a malicious user can include a 'bad' code to be executed on the vulnerable site.
=- LFI [ Local File Inclusion ] : a malicious user can open any file on the server.
=- SQL Injection : Injecting a MySQL query to bypass or get more info from a DataBase.
=- XSS [ Cross Site Scripting ] : if it was a permanent vulnerability, where the users input is saved, the user can log cookies, IP, and much more...
=- Exploit : a script made to maliciously use a vulnerability.
We are going to take each vulnerability, and take alook at what goes wrong with the web developer, that made the script vulnerable...
=- RFI ::
RFI's are exploited by including a 'bad' code from another site, to the infected site, for example you can include a PHP-Shell, and execute command on the server using it...
this vulnerability is very dangerous, a site infected with it can be compromised easily...
Learn more here....
