SwishMax
24-07-2007, 08:35 PM
FTP
FTP is how you upload your web site; if someone finds out the password, they can add or delete anything. Brute forcing is the most common FTP attack, where a program guesses every possible combination (or works from a list of words). An eight-letter alphanumeric word is almost impossible to crack, as the process is slow.
The real problem is with server-side scripting. Pages other than plain HTML (i.e. pages that perform commands on the host) are a security risk. The main problems are scripts that write to pages (guestbooks etc.). If the guestbook, when viewed, has a .shtml extension, then it can execute commands. E.g. a malicious visitor could place the following SHTML command in a message:
<!--#exec cmd="cat /etc/group" -->
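The brute-forcing the post describes shows up on the server as a burst of failed logins from one client, often cycling through usernames. The following is an added example, not code from the post or from the how-to.tk tutorial it quotes: it parses constructed log lines written in the style of vsftpd's log (timestamp, pid, username, FAIL/OK LOGIN, client IP; the sample lines and IPs are made up) and flags any client with at least five failures inside a one-minute window. The threshold and window are assumptions to tune per site.

```python
"""Flag FTP brute-force attempts from vsftpd-style log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the vsftpd log style; not taken from any real server.
SAMPLE_LOG = """\
Tue Jul 24 20:35:01 2007 [pid 4123] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:35:02 2007 [pid 4124] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:35:02 2007 [pid 4125] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:35:03 2007 [pid 4126] [root] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:35:04 2007 [pid 4127] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:35:05 2007 [pid 4128] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jul 24 20:40:00 2007 [pid 4130] [webmaster] FAIL LOGIN: Client "198.51.100.7"
Tue Jul 24 20:40:30 2007 [pid 4131] [webmaster] OK LOGIN: Client "198.51.100.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse_line(line):
    """Return (timestamp, user, result, ip) for a login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("user"), m.group("result"), m.group("ip")


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each client IP that produced >= threshold FAIL LOGINs inside one window
    to (largest failure count seen in a window, sorted usernames tried in it)."""
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] == "FAIL":
            ts, user, _, ip = parsed
            failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it covers at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > flagged.get(ip, (0, []))[0]:
                users = sorted({u for _, u in events[start:end + 1]})
                flagged[ip] = (count, users)
    return flagged


if __name__ == "__main__":
    for ip, (count, users) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins in one window, users tried: {users}")
```

The successful login from 198.51.100.7 after a single failure is ordinary user error and is not flagged; the 192.0.2.10 burst across two usernames is the pattern worth blocking at the firewall or with a lockout rule.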
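The guestbook problem above is an injection into a page that the server then parses for server-side includes. The following is an added example, not code from the post or from the how-to.tk tutorial it quotes, showing a minimal guestbook entry writer in its vulnerable form (raw text concatenated into a page served with includes on) beside a hardened form that HTML-escapes every user-controlled field, plus a scanner for directives already sitting in a written page. The function names, the attacker message and the page fragment are constructed for the example.

```python
"""Guestbook entries written into an .shtml page: vulnerable vs hardened (added example)."""
import html
import re

# Constructed attacker message: the directive from the post, in the <!--# ... -->
# comment syntax that an SSI-enabled server actually looks for.
ATTACK_MESSAGE = 'nice site <!--#exec cmd="cat /etc/group" -->'

# Any SSI directive: an HTML comment whose first non-space character is '#'.
SSI_DIRECTIVE_RE = re.compile(r"<!--\s*#\s*\w+.*?-->", re.DOTALL)


def render_entry_vulnerable(name, message):
    """The pattern the post warns about: user text dropped straight into the page."""
    return f"<p><b>{name}</b>: {message}</p>\n"


def render_entry_hardened(name, message):
    """Escape <, >, &, and quotes so the literal text '<!--' never reaches the SSI parser."""
    return f"<p><b>{html.escape(name)}</b>: {html.escape(message)}</p>\n"


def contains_ssi_directive(text):
    """True if `text` holds something an SSI parser would execute."""
    return SSI_DIRECTIVE_RE.search(text) is not None


def scan_guestbook(page_text):
    """Return every SSI directive found in an already-written guestbook page,
    for checking existing pages after the fact."""
    return SSI_DIRECTIVE_RE.findall(page_text)


if __name__ == "__main__":
    vulnerable = render_entry_vulnerable("visitor", ATTACK_MESSAGE)
    hardened = render_entry_hardened("visitor", ATTACK_MESSAGE)
    print("vulnerable entry carries a directive:", contains_ssi_directive(vulnerable))
    print("hardened entry carries a directive:", contains_ssi_directive(hardened))
    print("directives found:", scan_guestbook(vulnerable))
```

Escaping is the application-side fix; on the server side the guestbook should not be served with a .shtml extension at all, and on Apache `Options IncludesNOEXEC` instead of `Options Includes` disables `#exec` for any directory that still needs includes.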