Home page logo
/

basics logo Security Basics mailing list archives

Re: Web site defacing
From: Steven <swierckxlists () gmail com>
Date: Mon, 14 Nov 2011 19:02:37 +0100

Hello,

It depends a bit what you mean by defacing, normally defacing means you add text or pictures on a (the landing) page with some kind of message. For this to happen you need to be able to save the HTML with the changed content on the web server. You will need some kind of rights to upload files to the webserver to pull this off. XSS could also be used if you can save your XSS somewhere (think comments, forum etc.)

If you mean stealing data from a website then you could use SQL Injection, if the webmaster was so careless to save passwords to the database you could use this attack to find a login with enough rights to upload files, if the webmaster was then also careless you could perhaps even upload a new index.html.

Prevention consists of protecting against the OWASP top-10 (remote file include and SQLI and XSS would be your main areas of interest for defacing).

Defacing websites used to be a hot thing in the past, these days it is less used since there are many more dangerous attacks possible then to upload some silly message to a web server.

A nice archive of defaced websites is http://www.zone-h.org/archive

Greets

Steven
www.iHackForFun.eu




On 11/14/2011 08:34 AM, a bv wrote:
Hi,

what kind of vulnerabilities , methodologies does it allow to deface a
web site? And what must be the countermeasures regarding these?


Regards

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]