1.5 WEB - How Hackers Attack Web Servers, CGIs, PHP, ASP, etc.

1.5.1 Web Site Hacking - General & Miscellaneous
- ActiveX - Conceptual Failure of Security - How to obscure any URL - how spammers and scammers do it! - Surfing the Web Backwards - Backlink Navigation - HTTP Basic Authentication explained - HTML Form Protocol - send arbitrary data to any port
--> http://www.ilmuhacker.com

1.5.2 Web Site Hacking - Specific Sites
- Netaddress.com mailing service login form exploit - How to fake a Hotmail email - How we defaced www.apache.org - Hacking Tripod Accounts - Anonymizer, SafeWeb comments out Javascript instead of cutting it out completely - Yahoo/Hotmail susceptible to worms - gmx.net javascript filtering weakness - How to Hack a Geocities-type Web Page - Hotmail - view someone else's email!

1.5.3 Web Site Hacking - Servers
- Roxen arbitrary file retrieval - Sambar Web Server directory traversal - Sambar static Blowfish key - Sambar DoS - NetWare Enterprise Web Server - two issues - Mambo Site Server version 3.0.X admin privileges - Java Personal Webserver 0.9 Denial of Service - ACI 4D Webserver directory traversal - McAfee ASaP VirusScan lightweight web server - break out of its root - OmniHTTPd DoS, Show-source - Mac OS X 10.0.3 / Darwin 1.3.3, Apache 1.3.14 - Apache <1.3.17 get directory exploit - OmniHTTPd Pro DoS - Jana Webserver v1.45, 1.46, 2.0Beta1 hex-encoded dot-dot directory traversal - Lotus Domino Server 5.0.6 force Javascript to run - Lotus Domino 4.x, 5.x routing loop - Savant WWW url-encoded characters filtering problem - vWebServer show-code vulnerability - Webtrends HTTP Server show-source - Personal Web sharing v1.5.5 input overflow - SITEWare cleartext passwords, read arbitrary files - SITEWare 2.5, 3.0 arbitrary viewing of world-readable files anywhere on system - Trend Micro Virus Control System(VCS) unauthorized admin access - WAP gateways - Acme.Server 1.7 root exploit - Air Messenger LAN Server HTTP Interface Directory Traversal Attack - McAfee Agent ASaP VirusScan Software HTTP server directory traversal - Freestyle Chat server Directory traversal vulnerability - LiteServe MS-DOS filename show source vulnerability - SnapStream PVS builtin web server - 3 vulnerabilities - Lotus Notes/Domino Security Vulnerabilities AusCERT Alert 2000.10 DefCon 8.0

1.5.4 Web Site Hacking - CGI, Perl, ASP, PHP etc.
- Uncgi directory traversal - WinWrapper Professional 2.0 read arbitrary files - Respondus v1.1.2 weak encryption - SuSE 6.x, 7.x sdbsearch.cgi misplaced environment variable trust - Tivoli Management Framework problem - Tivoli SecureWay Policy Director incorrect URL-Encoding handling - HTTProtect 1.1 - change protected files - MyPhpAdmin remote command execution - NetCode NC Book 0.2b remote command execution - PHPLib prior to 7.2 prepend.php3 - non-local code injection - PHProjekt security hold - PHP 4.0.x mail() does not check for shell escape codes - PHPnuke 5.x improper variable checking - BSCW Symlinks vulnerability - Cold Fusion on Linux cfrethrow tag crash - Cold Fusion multiple remote vulnerabilities - CGIWrap - cookies can be stolen - ttawebtop.cgi read arbitrary files - udirectory.pl remote command execution - viewsrc.cgi - view any file on server - webmin 0.84 leaves its login/password in a MIME encoded environment variable - web_store.cgi read arbitrary files - CGI/Perl Hacking - Safe CGI Programming - A1Stats CGI view files, overwrite files bug - Active Classifieds Free Edition 1.0 CGI fails to authenticate administrators - AdCycle up to 1.15 does not properly validate user input - 1C:Arcadia Tradecli.dll Show Path, Read Arbitrary Files, DoS - Basilix Webmail System - read any file, run PHP programs - Carello E-Commerce for NT 1.2.1 - Execute arbitrary code with Web Server privileges - DCShop can be made to give out customer credit cards in plain text - ePerl can be made to process untrusted files - FormMail.pl - spam anonymously - Gnatsweb.pl unchecked user input - Interactive Story 1.3 read arbitrary file - MP3Mystic dot-dot directory traversal - Paper: PHP common vulnerabilities - phpMyAdmin and phpPgAdmin insecure include() calls - phpSecurePages remote command execution vulnerability - PHPSlash - url scheme integrity not checked - PHProjekt directory traversal - SquirrelMail webmail Insecure include() calls - Twig 2.6.2 free webmail system Unquoted SQL Query String problem - BadBlue 1.0 Beta retrieve PHP source - CFDecrypt - Decrypt Cold Fusion templates encrypted with CFCRYPT - Baltimore Technologies WEBSweeper 4.02 bypass malicious tags - DCShop - retrieve cleartext credit cards - E-smith - insert accounts that are invisible to admin - Entrust execute arbitrary code

1.5.5 Web BBSes
- Surf-net ASP forum really weak "security" - SIX-webboard .. and / not processed - phpBB 1.4.0 backslash problem - phpBB 1.4.0 run arbitrary code - phpBB 1.4.0 input validation attack BBS - DCForum - attacker can create admin account! - O'Reilly WebBoard 4.10.30 execute arbitrary javascript on remote machine - A More Stealthy way to Hack a Wildcat BBS

1.5.6 Web Site Hacking - Audit Tools
> WhiteHat Arsenal v1.02 > WASAT (Web Authentication Security Analysis Tool) v0.1b > ExploitExpress v1.0.0 > Atelier Web Security Port Scanner 4.0 > Atlas 1.0 > Cerberus WebScan > CGI-Exploit Scanner (Japanese) > cgicheck99 0.4 > Cgichk > cgiscan.c > Cgi Sonar 1.0 > Crack Whore 2.2 > Crack Whore 2.2 Source Code > ELZA 1.4.3 > Flatline 0.80 > Guile 3.1 CGI Scanner > httptype 1.3.6 > Malice 5.3.1 > md-webscan 1.0.1 > Perl CGI Checker > Scowl CGI scanner > VoidEye CGI scanner Build 461 > Weakness - Www Vulnerablity Scanner > Webcracker 4.0 > WebDecoy > Shadow CGI check 1.00.007 > twwwscan v1.2 > UCGI Vulnerability Scanner 1.56 > Whisker 1.4 > CGI Scanner Trap 1.0