Slashdot Mirror


How to Crack a Website - XSS, Cookies, Sessions

twistedmoney45 writes "Informit.com provides an insider's look at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access, an admin account, and more. XSS attacks are often discussed in theory — this walkthrough illustrates just how dangerous these types of attacks can be in reality."

3 of 167 comments

  1. One of my old favourites... by baadger · · Score: 5, Interesting

    One of my old favourite oopsies is upload scripts that don't prevent you from uploading PHP or other web script files.

    It's amazing how many webmasters leave little scripts in their public directories, not stopping to think search engines may find them.

  2. Re:So... by mgblst · · Score: 5, Interesting

    Sure, depending on the site. If they let you post information to the site, like having a guest book, then you may be able to exploit an XSS.

    Also, depending on what you want to do to their site, if they let you upload files but don't handle it well, i.e., they may let you upload pictures of your girlfriend/sister, but they don't check to see if it is a JPEG file or a php/cfm/asp file. Also, they may let you execute that file from that directory or not.

    Any site designed badly can be used.

    I remember some free pron sites, trying different numbers at the end of pictures to get extra freebies, or trying different directories based on names. Even a Google image search of that particular site would reveal a lot of extra images or movies.
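
The upload weakness raised in comments 1 and 2, seen from the defending side, as an added example that is not from any commenter or from the Informit article: content is checked against an allowlist of image signatures and stored under a server-chosen name. The names `store_upload`, `sniff_extension`, `RejectedUpload` and `MAX_BYTES` are hypothetical, and the upload directory is assumed to be served with script execution disabled.

```python
import secrets
from pathlib import Path

# Allowlist of leading bytes for accepted formats (not a denylist of .php/.asp/.cfm).
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this example


class RejectedUpload(Exception):
    """Raised when an upload fails validation."""


def sniff_extension(data: bytes) -> str:
    """Return the extension implied by the content, never by the client."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    raise RejectedUpload("content is not an allowed image type")


def store_upload(data: bytes, client_name: str, upload_dir: Path) -> Path:
    """Validate an upload and write it under a server-chosen name."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized upload")
    ext = sniff_extension(data)
    # client_name is never used for the path, so no client-chosen extension or
    # "../" component reaches disk. Bytes after the header are not inspected,
    # which is why the directory must also not execute scripts.
    dest = upload_dir / (secrets.token_hex(16) + ext)
    upload_dir.mkdir(parents=True, exist_ok=True)
    with open(dest, "xb") as fh:  # "x": refuse to overwrite an existing file
        fh.write(data)
    dest.chmod(0o640)  # no execute bit
    return dest


if __name__ == "__main__":
    import tempfile
    # Constructed samples: a minimal JPEG header, and script text sent as "holiday.jpg".
    samples = [(b"\xff\xd8\xff\xe0" + b"\x00" * 16, "me.jpg"),
               (b"<?php /* constructed */ ?>", "holiday.jpg")]
    with tempfile.TemporaryDirectory() as tmp:
        for data, name in samples:
            try:
                print(name, "->", store_upload(data, name, Path(tmp)).name)
            except RejectedUpload as err:
                print(name, "-> rejected:", err)
```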

  3. Use Chroot jail and block outgoing http/ftp reques by vivekg · · Score: 3, Interesting

    I found that if you block outgoing http/ftp requests from your webserver, an attacker cannot install his/her code.
    Run the Apache web server in a chrooted jail where bash or any other shell/commands are not available to the attacker
    Run almost all critical services in a chrooted jail
    Use a dedicated DB server

    Another extreme solution is to put the root file system on read-only media such as CD-ROM (not useful for everyday use)

    And yes, I know that no computer system can ever be completely secure; you can only make a cracker's job hard with the above techniques

    Just my 0.2

    --
    The important thing is not to stop questioning --Albert Einstein.