Hacking Web Servers
April 15, 2010
MIS 4600 – MBA 5880 - © Abdou Illia
Objectives
- Describe Web applications
- Explain Web application vulnerabilities
- Describe the tools used to attack Web servers
Web Application components
- Static Web pages: created using HTML
- Dynamic Web pages: need special components
  - Tags
  - Common Gateway Interface (CGI)
  - Active Server Pages (ASP)
  - PHP
  - ColdFusion
  - Scripting languages
  - Database connectors
Active Server Pages (ASP)
- With ASP, developers can display HTML documents to users on the fly
- Main difference from pure HTML pages: when a user requests a Web page, one is created at that time
- ASP uses scripting languages such as JScript or VBScript
- Not all Web servers support ASP
Active Server Pages (ASP) (continued)
ASP example (the HTML tags and the server-side expression were lost in extraction; the markup and the Now() call are reconstructed):

  <html>
  <head>
  <title>My First ASP Web Page</title>
  </head>
  <body>
  Hello, security professionals
  <p>The time is <%= Now() %>.</p>  <%' Now() assumed: it runs on the server and its result is written into the page %>
  </body>
  </html>

- Microsoft does not want users to be able to view an ASP Web page's source code
- This can create serious security problems
Apache Web Server
- Apache Tomcat is another Web server program
- Apache hosts anywhere from 50% to 60% of all Web sites
- Advantages
  - Works on just about any *NIX and Windows platform
  - It is free
- Requires Java 2 Standard Runtime Environment (J2SE, version 5.0)
Using Scripting Languages
- Dynamic Web pages can be developed using scripting languages
  - VBScript
  - JavaScript
  - PHP
PHP: Hypertext Preprocessor (PHP)
- Enables Web developers to create dynamic Web pages
- Similar to ASP
- Open-source server-side scripting language
- Can be embedded in an HTML Web page using PHP tags
- Users cannot see PHP code on their Web browser
- Used primarily on UNIX systems; also supported on Macintosh and Microsoft platforms
PHP: Hypertext Preprocessor (cont.)
PHP example (the HTML tags and the opening PHP tag were lost in extraction and are reconstructed; only the closing '; ?> survived):

  <html>
  <head>
  <title>My First PHP Program</title>
  </head>
  <body>
  <?php
    // Runs on the server; only the echoed text reaches the browser
    echo 'Hello, Security Testers!';
  ?>
  </body>
  </html>

- As a security tester you should look for PHP vulnerabilities
VBScript
- Visual Basic Script is a scripting language developed by Microsoft
- Converts static Web pages into dynamic Web pages
- Takes advantage of the power of a full programming language
- VBScript is also prone to security vulnerabilities
- Check the Microsoft Security Bulletin for information about VBScript vulnerabilities
VBScript (cont.)
VBScript example (the surrounding HTML and script tags were lost in extraction and are reconstructed; client-side VBScript only runs in Internet Explorer):

  <html>
  <body>
  <script type="text/vbscript">
    document.write("Hello Security Testers!")
    document.write("Date Activated: " & date())
  </script>
  </body>
  </html>
JavaScript
- Popular scripting language
- JavaScript also has the power of a programming language
  - Branching
  - Looping
  - Testing
- A variety of vulnerabilities exist for JavaScript that have been exploited in older Web browsers
JavaScript (continued)
JavaScript example (the surrounding HTML and script tags are reconstructed; the original read getElementByld, an OCR error for getElementById, and the button needs an id attribute for that lookup to succeed):

  <html>
  <head>
  <script type="text/javascript">
    function chastise_user() {
      alert("So, you like breaking rules?");
      // Move keyboard focus back to the button the user just clicked
      document.getElementById("cmdButton").focus();
    }
  </script>
  </head>
  <body>
  <p>If you are a Security Tester, please do not click the command button below!</p>
  <input type="button" value="Don't Click!" name="cmdButton" id="cmdButton" onClick="chastise_user()" />
  </body>
  </html>
SQL injection attacks
Imagine this form (the form markup was lost in extraction and is reconstructed from the fields Validate.asp reads):

  <form method="post" action="Validate.asp">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" value="Log in">
  </form>

Validate.asp (typos in the original are corrected; the concatenation of user input into the SQL statement is the deliberate flaw this slide illustrates):

  <%
  Dim username, password, sql_statement
  Dim comm, rs
  username = Request.Form("username")
  password = Request.Form("password")
  Set comm = Server.CreateObject("ADODB.Connection")
  Set rs = Server.CreateObject("ADODB.Recordset")
  ' Vulnerable: user input is pasted straight into the SQL text
  sql_statement = "SELECT * FROM customer WHERE tblusername = '" & username & "' AND tblpassword = '" & password & "'"
  comm.Open "Provider=SQLOLEDB; Data Source=(local); Initial Catalog=CustomerDB; User Id=sa; Password="
  ' The Recordset must be opened against the connection (the original omitted comm)
  rs.Open sql_statement, comm
  If Not rs.EOF Then
    Response.Write "Welcome!"
  Else
    Response.Write "Please reenter your username and password"
  End If
  %>
SQL injection
If Bob logged on with his credentials, the SELECT statement would look like:

  SELECT * FROM customer WHERE tblusername = 'bob' AND tblpassword = 'password'

If Bob entered the following when prompted for the username:

  ' OR 1=1 --

then the SQL statement would be:

  SELECT * FROM customer WHERE tblusername = '' OR 1=1 --' AND tblpassword = ''

Because 1=1 is true, the query will succeed. Double hyphens (--) are used to represent a comment in SQL, so everything after them, including the password check, is ignored.
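Added example, not part of the original slides: the same login check in Python with an in-memory SQLite table standing in for CustomerDB (the table and column names are taken from the slide; the rows are constructed sample data). login_concatenated mirrors Validate.asp and builds the SQL text by string concatenation; login_parameterized performs the same check with bound parameters, the fix a security tester should expect to see, so the ' OR 1=1 -- input from the slide is compared as a literal username and matches nothing.

```python
import sqlite3


def build_db():
    """Constructed sample data: a stand-in for the slide's CustomerDB.customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (tblusername TEXT, tblpassword TEXT)")
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?)",
        [("bob", "password"), ("alice", "s3cret")],
    )
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """Mirrors Validate.asp: user input is pasted into the SQL text.

    Returns (sql_text, logged_in) so the caller can see exactly what was run.
    """
    sql = (
        "SELECT * FROM customer WHERE tblusername = '" + username
        + "' AND tblpassword = '" + password + "'"
    )
    rows = conn.execute(sql).fetchall()
    return sql, len(rows) > 0


def login_parameterized(conn, username, password):
    """Same check with bound parameters: the driver never parses the input as SQL."""
    sql = "SELECT * FROM customer WHERE tblusername = ? AND tblpassword = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    db = build_db()
    # Normal login works either way
    print(login_concatenated(db, "bob", "password")[1], login_parameterized(db, "bob", "password"))
    # The slide's input: the concatenated query logs in without a valid password,
    # the parameterized query does not
    sql_text, ok = login_concatenated(db, "' OR 1=1 --", "anything")
    print(sql_text)
    print(ok, login_parameterized(db, "' OR 1=1 --", "anything"))
```

The printed SQL text shows the password clause swallowed by the `--` comment exactly as the slide describes; with parameters the quote and the comment marker are just characters inside a username value, so the row count is zero and the login is refused.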