
Web hacking covers several ways of attacking a website:
1. Defacing websites
2. SQL injection
3. Exploiting weaknesses in scripts such as PHP, HTML and JavaScript.
a. Defacing is an attack that changes the contents of a site to whatever the attacker wants.
The most common attack is defacing e-commerce sites that run Microsoft IIS, because IIS has a bug known on the Internet as the Unicode bug. With this bug, hackers can access the command prompt (cmd.exe).
Web defacement techniques:
1. In general: entering illegal input data, with the aim of letting the user break out of the web server's file directory. Once in the root directory, the hacker runs cmd.exe and observes the target server's directory structure.
2. TFTP (Trivial File Transfer Protocol) is a UDP-based protocol that listens on port 69. It is very weak on security, and most web servers run the TFTP service.
3. FTP, with the defacement material already prepared. Every Windows server has the file ftp.exe for FTP uploads and FTP downloads (to and from the server).
Securing an IIS server against defacement:
Always keep it updated with the latest service packs and hotfixes.
Protect it with a firewall and an IDS (intrusion detection system).
Remove the write options in the HTTP protocol (HTTP 1.0 or HTTP 1.1).
The commands supported by HTTP 1.0 and HTTP 1.1 are:
CONNECT *, * DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE
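
To check that the write options really are gone, the server's own request log can be reviewed. The following is an added example, not code from the original post: it reads a constructed log in the IIS W3C extended format and flags PUT and DELETE requests, any method outside an assumed GET/HEAD/POST policy, and requests for cmd.exe.

```python
# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 08:00:01 192.0.2.10 GET /index.html - 200
2024-01-10 08:00:05 192.0.2.44 PUT /index.html - 201
2024-01-10 08:00:09 192.0.2.44 GET /cmd.exe - 404
2024-01-10 08:00:12 192.0.2.10 POST /cart/checkout.asp - 200
2024-01-10 08:00:20 192.0.2.77 DELETE /images/logo.gif - 403
2024-01-10 08:00:31 192.0.2.10 HEAD /index.html - 200
"""

WRITE_METHODS = {"PUT", "DELETE"}           # the HTTP write options to remove
EXPECTED_METHODS = {"GET", "HEAD", "POST"}  # assumed policy for this site


def parse_w3c(text):
    """Yield one dict per request, using the column order from '#Fields:'."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # the directive can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def review(text):
    """Return (client, method, path, reason) for every request worth a look."""
    findings = []
    for row in parse_w3c(text):
        method, path = row["cs-method"].upper(), row["cs-uri-stem"]
        reasons = []
        if method in WRITE_METHODS:
            # A 2xx answer means the server still accepts writes over HTTP.
            accepted = row["sc-status"].startswith("2")
            reasons.append("write-accepted" if accepted else "write-refused")
        elif method not in EXPECTED_METHODS:
            reasons.append("unexpected-method")
        if path.lower().endswith("cmd.exe"):
            reasons.append("cmd.exe-requested")
        findings.extend((row["c-ip"], method, path, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

A "write-accepted" finding means the hardening step above has not been applied; "write-refused" shows someone tried and the server said no.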

b. SQL injection is a web attack used to gain access to a Microsoft database server.
SQL injection techniques exploit weaknesses in the SQL language to access the database.
For example, the attacker enters the characters 1=1 in a username field, or uses the boolean OR, on a particular site.
A simple trick for overcoming SQL injection:
Allow only certain strings to be entered.
Then, if a string is invalid (not one of the strings we specified), just start over.
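
The check described above, as an added example that is not part of the original post: a login query built by string concatenation next to a version that applies an allow-list to the username. It goes one step beyond the page by also binding the values as query parameters, since the password field cannot be restricted the same way. The table, the account and the allow-list pattern are assumptions, and SQLite stands in for the database server.

```python
import re
import sqlite3

# Assumed allow-list: 3 to 20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def make_db():
    """Constructed in-memory database with one account (plaintext password
    only to keep the example short; real systems store a password hash)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, name, password):
    """'Before' version: user input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db, name, password):
    """Allow-list the username, then pass both values as bound parameters."""
    if not USERNAME_RE.fullmatch(name):
        return False                      # invalid string: refuse and start over
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),                 # never parsed as SQL
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("alice", "correct-horse"),       # legitimate login
        ("x' OR 1=1 --", "wrong"),        # the 1=1 / OR input the page mentions
        ("alice", "' OR '1'='1"),         # same idea through the password field
    ]
    for name, password in attempts:
        print(repr(name), repr(password),
              "vulnerable:", login_vulnerable(db, name, password),
              "hardened:", login_hardened(db, name, password))
```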
c. Exploiting script weaknesses
JavaScript is a scripting language for websites that is executed on the user's computer (the client), so using JavaScript for transactions is very vulnerable to manipulation from the user's side. Examples of scripting languages that run on the user's side (client):
- JavaScript
- Client-side VBScript
Scripting languages on the server side:
- ASP (Active Server Pages)
- JSP (Java Server Pages)
- PHP (Personal Home Page)
The weakness of HTML scripts lies in the GET and POST parameters used as the method for submitting a form. The problem with GET is that the variables used appear in the URL box, which lets visitors enter characters directly into the form processing; GET is also limited to a command string 2047 characters long. The variables can also be read with Request.QueryString.
POST is used to send large amounts of data to the application on the server side, so it does not use the length-limited URL query string. POST is also much safer because the variables are not seen by visitors, so it is more difficult to tamper with them by changing variable names. However, the variables can still be read with Request.Form.
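
Because both GET and POST variables arrive from the client, the server has to re-check them itself. The following is an added example, not code from the original post: it prices an order from a form-encoded string, which has the same encoding in a GET query string and a POST body. The catalog, the field names `item`, `qty` and `price`, and the quantity limit are assumptions.

```python
from urllib.parse import parse_qs

# Constructed server-side catalog: item id -> unit price in cents.
CATALOG = {"sku-100": 1500, "sku-200": 250}
MAX_QTY = 20  # assumed business limit


def price_order(encoded_form):
    """Return the order total in cents, or raise ValueError.

    encoded_form is the raw GET query string or POST body. Anything in it,
    including hidden fields and values a client-side script computed,
    is treated as untrusted input.
    """
    form = parse_qs(encoded_form, keep_blank_values=True)

    def single(key):
        values = form.get(key, [])
        if len(values) != 1:              # missing or duplicated parameter
            raise ValueError(f"{key}: expected exactly one value")
        return values[0]

    item = single("item")
    if item not in CATALOG:               # allow-list, not a pattern match
        raise ValueError("unknown item")

    qty_text = single("qty")
    if not (qty_text.isascii() and qty_text.isdigit() and len(qty_text) <= 3):
        raise ValueError("qty must be a short run of digits")
    qty = int(qty_text)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")

    # A client-sent 'price' or 'total' is deliberately never read:
    # the amount is recomputed from server-side data only.
    return CATALOG[item] * qty


if __name__ == "__main__":
    # Constructed submissions; the second carries a tampered price field.
    for body in ("item=sku-200&qty=4", "item=sku-100&qty=2&price=1"):
        print(body, "->", price_order(body))
```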