 huwnet wrote:
-boRg- wrote:
He also looks for holes in the servers own security, for sites
that have not setup permissions securely and have write permissions
enabled on public files and folder, this allows a hacker to upload
his/her own files to the server to deface of hack the site. Permissions
need to be set by your web host, contact them to setup secure
permissions for your site.
|
I have never understood how files can be uploaded to an insecure web server just using the http protocol.
Or does the hacker somehow use the upload script to his advantage?
|
No hackers don't need to use upload scripts to do this, it's even simpler than that.
Hacking sites by using HTTP to upload files to sites with write and modify permissions enabled is simple.
I'm not going to go into it here as I do not like hacking, but just look on any hacking site.
There are loads of tools to do this, I was even taught how to use
hacking tools like this as part of a University course, so that server admins
know the security risks and how to prevent them.
The ADO.Stream object, part of ADO on windows servers makes uploading via HTTP even simpler.
Most hackers who do this are usually 14 year olds with to much
time on their hands and download simple hacking tools and think it's
cool to go around defacing sites, as if it is somthing new.
Edited by -boRg- - 28 December 2005 at 2:17pm
Topic Options
Post Options
Thanks(0)
