Tag: SQL injections

Why Is Web Application Security Important?

Web application security


Many people understand how important web application security is, in e-commerce in particular. One of the primary concerns for organizations is attacks on their web applications. There are many very dangerous attacks, including cross-site scripting, SQL injection and HTTP verb tampering attacks. Data loss is one of the most common consequences of such an attack. However, data loss may be the least of an organization's concerns, because attackers are generally also able to get access to the specific pieces of data they are looking for. An example of why web application security is so important is when SQL injection allows an attacker to get access to credit card information or data relating to a person's identity. This is, of course, often exactly the type of information hackers are after.


Example 1

In SQL:

select id, firstname, lastname from authors where firstname = '...' and lastname = '...'

If one provided:

Firstname: evil’ex

Lastname: Newman

the query string becomes:

select id, firstname, lastname from authors where firstname = 'evil'ex' and lastname = 'newman'

which the database rejects with a syntax error (for example Incorrect syntax near 'ex'): the unescaped apostrophe in evil'ex closes the string literal early, so the database tries to interpret the rest of the input as SQL rather than as data. (continue reading…)
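The following is an added example, not code from the original post: it reproduces the evil'ex case above against an in-memory SQLite table (the table contents are constructed for the demo) and shows why the string-concatenated query breaks while a parameterized query treats the apostrophe as plain data.

```python
import sqlite3


def make_db():
    """Constructed sample 'authors' table standing in for the one in the article."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table authors (id integer primary key, firstname text, lastname text)"
    )
    conn.executemany(
        "insert into authors (firstname, lastname) values (?, ?)",
        [("john", "smith"), ("evil'ex", "newman")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, firstname, lastname):
    """The vulnerable pattern from the article: user input pasted into the SQL text."""
    sql = (
        "select id, firstname, lastname from authors "
        "where firstname = '" + firstname + "' and lastname = '" + lastname + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, firstname, lastname):
    """Hardened version: bound parameters, so a quote inside the value is just a quote."""
    sql = (
        "select id, firstname, lastname from authors "
        "where firstname = ? and lastname = ?"
    )
    return conn.execute(sql, (firstname, lastname)).fetchall()


def demo(firstname="evil'ex", lastname="newman"):
    """Return (error text raised by the concatenated query or None,
    rows returned by the parameterized query) for the same input."""
    conn = make_db()
    try:
        lookup_concatenated(conn, firstname, lastname)
        concat_error = None
    except sqlite3.OperationalError as exc:
        # SQLite reports the first token it cannot parse: the 'ex' after 'evil'
        concat_error = str(exc)
    rows = lookup_parameterized(conn, firstname, lastname)
    conn.close()
    return concat_error, rows


if __name__ == "__main__":
    err, rows = demo()
    print("concatenated query error:", err)
    print("parameterized query rows:", rows)
```

With a harmless name such as john/smith both queries behave the same; the difference only appears once the input contains SQL metacharacters, which is exactly why the concatenated form cannot be made safe by testing with friendly data.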


How to Find Injected Malware in a WordPress Website

A hacked website costs you readers, search engine rank, time and money.
Use these tips to help you find and clean a WordPress website from hacked code and malicious malware links inserted into the website code.

Wordpress hacking


WordPress vulnerabilities such as SQL injection, JavaScript insertion and .htaccess hacks are all common ways to alter the content on your WordPress website. Some hackers redirect users to another website, others insert malicious links, and some use the .htaccess file to steal Google rank. If you think you have been hacked, here are some common signs to search for in your website code.

Check Your .htaccess File:


The .htaccess file is always in the root directory of your WordPress site. The .htaccess file lets you control how the server handles website requests such as Google crawler access and URL redirections. Hackers who gain access to the .htaccess file insert a few lines of code that redirect search engines. The hacked code inspects the "user agent" value, which is passed from a web browser or search engine to the WordPress server. If the user agent is "Google," the hacked .htaccess file redirects Google to the hacked website. This hack is completely invisible to your WordPress readers, and it only affects Google rank. The following code is an example of hacked .htaccess code:

RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteRule ^(.*)$ http://hackedsite.com/index.php [R=301,L]

In the above example, if Googlebot crawls the website, the (continue reading…)
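As an added example (not part of the original article), here is a small scanner a site owner can run over a .htaccess file to flag the pattern described above: a RewriteRule that sends visitors to a host other than your own, especially when it is guarded by a RewriteCond on the user agent or referer that mentions a search engine. The sample .htaccess content is constructed for the demo, and SITE_HOST is an assumed placeholder for your own hostname.

```python
import re

# Constructed sample: the first three lines are an ordinary WordPress rewrite block,
# the last two mimic the hacked redirect quoted in the article.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteRule ^(.*)$ http://hackedsite.com/index.php [R=301,L]
"""

SITE_HOST = "example.org"  # assumed: the hostname the site legitimately lives on

COND_RE = re.compile(
    r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I
)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://([^/\s]+)\S*)", re.I)
SEARCH_ENGINE_RE = re.compile(r"google|bing|yahoo|msn|bot|crawl|slurp", re.I)


def scan_htaccess(text, site_host=SITE_HOST):
    """Return a list of findings for redirects to foreign hosts.

    A redirect that is conditioned on a search-engine user agent or referer is
    rated high (cloaking / rank theft); an unconditioned redirect to a foreign
    host is rated medium so it can still be reviewed.
    """
    findings = []
    pending = []  # RewriteCond lines apply to the next RewriteRule only
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COND_RE.match(line)
        if m:
            pending.append((lineno, m.group(1).upper(), m.group(2)))
            continue
        m = RULE_RE.match(line)
        if m:
            host = m.group(2).lower()
            if host != site_host.lower():
                engine_conds = [c for c in pending if SEARCH_ENGINE_RE.search(c[2])]
                if engine_conds:
                    findings.append({
                        "line": lineno,
                        "severity": "high",
                        "reason": "redirect to %s conditioned on %s" % (
                            host, ", ".join(c[1] for c in engine_conds)),
                        "conditions": [c[0] for c in engine_conds],
                    })
                else:
                    findings.append({
                        "line": lineno,
                        "severity": "medium",
                        "reason": "redirect to external host %s" % host,
                        "conditions": [],
                    })
        # any other non-comment directive consumes the pending conditions
        if line.strip() and not line.lstrip().startswith("#"):
            pending = []
    return findings


if __name__ == "__main__":
    for f in scan_htaccess(SAMPLE_HTACCESS):
        print("line %d [%s]: %s (conditions at %s)" % (
            f["line"], f["severity"], f["reason"], f["conditions"]))
```

The scanner deliberately looks at the referer as well as the user agent, because the quoted hacked snippet keys on HTTP_REFERER even though the text describes a user-agent check; real infections use either. Run it against a known-good copy of your .htaccess first so that legitimate redirects (to a CDN or a sister domain) can be added to an allow-list.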


Web application security : Anatomy of iis hacking

attack asp


When I was testing an IIS server after a defacement attack, the webmaster was confused about how hackers had gained access to the server and changed the visual appearance of the site or a webpage.

1 – Hackers use xgallery (Absolute gallery): SQL injection to get admin passwords and upload backdoors.
2 – Hackers upload automated tools to deface the server, replacing every index page.
3 – Hackers record the defaced home pages in the zone-h digital attack archives.


Hackers exploit the Xgallery panel to bypass the upload check: Web application security


This attack allows a hacker who can upload a "safe" file extension (jpg, html, etc.) to upload an ASP script and force it to execute on the web server. The vulnerability occurs when a file name is specified in the form "attacker.asp;.jpg": the application checks the file extension and sees "jpg", but the IIS web server stops parsing at the first ";" and sees "asp". The result is trivial code execution on any IIS server that allows users to choose the file name of their uploaded attachment.
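As an added example (not code from the original post or from the Xgallery application), the following contrasts the flawed "look only after the last dot" check with a hardened upload-name check that rejects the ";" trick and its relatives, and stores the file under a server-chosen random name so the client's name never reaches the file system. The allowed and script extension sets are assumptions chosen for the demo.

```python
import os
import re
import secrets

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}  # assumed policy for an image gallery
# Extensions an IIS (or other) server may execute; listed only so they can be refused.
SCRIPT_EXTENSIONS = {"asp", "aspx", "asa", "ashx", "asmx", "cer", "php", "cgi", "pl", "exe"}


class UnsafeFilename(ValueError):
    """Raised when a client-supplied file name fails validation."""


def naive_extension_check(name, allowed=ALLOWED_EXTENSIONS):
    """The flawed check described above: only the text after the last dot is inspected,
    so 'attacker.asp;.jpg' passes as a jpg."""
    return name.rsplit(".", 1)[-1].lower() in allowed


def check_upload_name(name, allowed=ALLOWED_EXTENSIONS):
    """Validate a client-supplied name; return it unchanged if acceptable.

    Rejects path components, any character outside a strict allow-list
    (';', NUL, '%', spaces, ...), and any script extension anywhere in the
    dotted name, so both 'attacker.asp;.jpg' and 'attacker.asp.jpg' fail.
    """
    base = os.path.basename(name.replace("\\", "/"))
    if base != name or base in ("", ".", ".."):
        raise UnsafeFilename("path components are not allowed")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", base):
        raise UnsafeFilename("character outside the allow-list")
    pieces = base.lower().split(".")
    if len(pieces) < 2:
        raise UnsafeFilename("no extension")
    exts = pieces[1:]  # every dotted segment after the stem is treated as an extension
    if any(e in SCRIPT_EXTENSIONS for e in exts):
        raise UnsafeFilename("script extension present")
    if exts[-1] not in allowed:
        raise UnsafeFilename("extension not allowed")
    return base


def is_safe_name(name):
    """Boolean wrapper around check_upload_name."""
    try:
        check_upload_name(name)
        return True
    except UnsafeFilename:
        return False


def stored_name(client_name):
    """Name to store the file under: a random token plus the validated extension only.
    The client never controls the stored name, so the server's parsing rules for
    ';' or other separators cannot be abused."""
    ext = check_upload_name(client_name).rsplit(".", 1)[1]
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    for candidate in ["holiday.jpg", "attacker.asp;.jpg", "attacker.asp.jpg", "../photo.jpg"]:
        print("%-20s naive=%-5s hardened=%s" % (
            candidate, naive_extension_check(candidate), is_safe_name(candidate)))
```

Extension checks alone are still only one layer: the upload directory should additionally be configured so the server never executes anything in it, and the file content should be checked against the declared type.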

(continue reading…)


Copyright © 1996-2010 Web application security. All rights reserved.