OT: Website Exploits
keith smith
klsmith2020 at yahoo.com
Wed Dec 3 18:17:38 MST 2008
It is a custom site. Basically one page does it all. Depending on what parameters/arguments are used in the URL will depend on what content is displayed. I setup a switch to test the URL parameters against know values. If no know value is entered to defaults to the 404 page.
I'm thinking that is pretty secure.
------------------------
Keith Smith
--- On Wed, 12/3/08, Lisa Kachold <lisakachold at obnosis.com> wrote:
From: Lisa Kachold <lisakachold at obnosis.com>
Subject: RE: OT: Website Exploits
To: klsmith2020 at yahoo.com, plug-discuss at lists.plug.phoenix.az.us
Date: Wednesday, December 3, 2008, 5:14 PM
#yiv2050188686 .hmmessage P
{
margin:0px;padding:0px;}
#yiv2050188686 {
font-size:10pt;font-family:Verdana;}
What index.php are you using? Is this WordPress?
http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00030.html
There are many php exploits: http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00031.html
www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Catch the January PLUG HackFest! Kristy Westphal, CSO for the Arizona Department of Economic
Security will provide a one hour
presentation on forensics.
Date: Wed, 3 Dec 2008 14:57:35 -0800
From: klsmith2020 at yahoo.com
Subject: Re: OT: Website Exploits
To: plug-discuss at lists.plug.phoenix.az.us
Thank you for the heads up on mod_security. I'm not sure if that is installed or not.
Thanks again!
------------------------
Keith Smith
--- On Wed, 12/3/08, JD Austin <jd at twingeckos.com> wrote:
From: JD Austin <jd at twingeckos.com>
Subject: Re: OT: Website Exploits
To: klsmith2020 at yahoo.com, "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
Date: Wednesday, December 3, 2008, 3:48 PM
That is a fairly common tactic.
It exploits poor input validation and register globals in PHP.
Do yourself a huge favor and install mod_security (I assume you're using apache?)
as an extra measure of
security if you haven't already.
On Wed, Dec 3, 2008 at 3:39 PM, keith smith <klsmith2020 at yahoo.com> wrote:
Hi,
I am working on a website that gets a lot of exploit attempts.
They mostly look like this: /index.php?display=http://humano.ya.com/mysons/index.htm?
Our code is set to disregard any value that is not expected.
I'm wondering if there is a clearing house for reporting this type of stuff. I have the IP address as reported.... if that is accurate.
Thanks in advance!
Keith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Send e-mail anywhere. No map, no compass. Get your Hotmail® account now.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081203/dcf46f8d/attachment.htm
More information about the PLUG-discuss
mailing list