We have been concentrating a lot on webservers - like said earlier in this
document, there is an abundance of webservers out there, and they are been
used in more and more situations. Another neat trick is using HTTP
redirects. Many webservers have customized management pages "hidden"
somewhere on the same site. Typically these are developed by the same people
that developed the main site, and are used by the owners of the webpage to
facilitate updating of news snippets, tickers and "new bargain offerings".
In most cases these pages consists of a login page and a pages where the
administrator can change the site content - served after login have
occurred.
Once the backend management page has been found, (see HTTP section – data
mining) and the administrator's username and password has been cracked (see
HTTP - basic authentication or web-based login) you should be in a position
to add, alter or delete items. In most cases the description of these items
(be that a product description, news item, or special offering) is HTML
sensitive. This means it could read like this: <h1> Big savings </h1>. While
this in itself is harmless (unless you want write a note in extra large,
blinking letters about the site's security) it does have potential for
interesting use. By changing the description to an HTTP-redirect you could
redirect clients to a completely different site. An HTTP-redirect looks like
this:
<META HTTP-EQUIV=REFRESH CONTENT=0;URL=http://www.sensepost.com>
Obviously you will have to change the URL unless you want to redirect
visitors to our website. Although this is a quick way to do a complete
deface of a site it should be used for more interesting activities. You
might want to completely copy the "target" website to your server, and
direct customers to a slightly modified copy. The copy would of course mine
customer details and send forms to the real server - it would appear totally
transparent to the casual netizen. The copy could also contain some nasty
content level attacks - remember Brown Orifice(August 2000)?
document, there is an abundance of webservers out there, and they are been
used in more and more situations. Another neat trick is using HTTP
redirects. Many webservers have customized management pages "hidden"
somewhere on the same site. Typically these are developed by the same people
that developed the main site, and are used by the owners of the webpage to
facilitate updating of news snippets, tickers and "new bargain offerings".
In most cases these pages consists of a login page and a pages where the
administrator can change the site content - served after login have
occurred.
Once the backend management page has been found, (see HTTP section – data
mining) and the administrator's username and password has been cracked (see
HTTP - basic authentication or web-based login) you should be in a position
to add, alter or delete items. In most cases the description of these items
(be that a product description, news item, or special offering) is HTML
sensitive. This means it could read like this: <h1> Big savings </h1>. While
this in itself is harmless (unless you want write a note in extra large,
blinking letters about the site's security) it does have potential for
interesting use. By changing the description to an HTTP-redirect you could
redirect clients to a completely different site. An HTTP-redirect looks like
this:
<META HTTP-EQUIV=REFRESH CONTENT=0;URL=http://www.sensepost.com>
Obviously you will have to change the URL unless you want to redirect
visitors to our website. Although this is a quick way to do a complete
deface of a site it should be used for more interesting activities. You
might want to completely copy the "target" website to your server, and
direct customers to a slightly modified copy. The copy would of course mine
customer details and send forms to the real server - it would appear totally
transparent to the casual netizen. The copy could also contain some nasty
content level attacks - remember Brown Orifice(August 2000)?