Microsoft.com defaced
Thursday, 03 May 2007

A few days ago, the Microsoft IEAK website was the victim of a defacement. The website promotes the “Internet Explorer Administration Kit”, a toolkit that makes it possible to “deploy and manage Web-based solutions,” and to “learn how to tailor a custom browser to meet customers' needs,” the website says.

The attacker is known by the handle Cyber-Attacker (cyb3rt), is from Saudi Arabia, and is not new to such activities. He is the one who carried out an XSS attack against one of Zone-H's staff members, stole his administrator password and by this means defaced the Zone-H English website.

As reported by the attacker, the page contains a SQL injection flaw in the Login field, through which he was able to execute arbitrary SQL commands and inject the HTML content that altered the page of the Microsoft IEAK website...

SQL injection flaws are in general as common as ' OR ' =', and thanks to improvements in technology and in web coders’ skills, cyber attackers have been able to learn a lot about SQL and have subsequently perfected their ability to give web admins headaches…

 

Image of the defacement to http://ieak.microsoft.com

Many people think that such attacks can be carried out only against ASP-based pages and log-in forms. Actually, this kind of attack can be carried out against any page/source type, be it ASP, HTML, PHP or CFM: the only difference is the method. Wherever there is a mistake in SQL queries, there could be a flaw that cyber criminals can exploit.

The only solution for admins is to work hard in collaboration with coders, revising the source code to patch any visible mistake that could generate problems in the future.

But since a “complete revision” of the source code is rarely possible, given the huge amount of web page source code to revise, another solution is needed: for instance, adopting Apache modules such as mod_security, using .htaccess to restrict the execution of SQL strings in URLs, and activating magic_quotes in the PHP configuration.

On Windows servers, administrators can use filters directly on their web pages. Such filters can check user input and in this way help administrators prevent digital attacks.

One prevention method used by these filters is based on disabling warning messages, because the appearance of such warnings is a sort of signal that helps the attacker get to the website’s database or to the table/column that he is going to attack.
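The source-code fix and the warning suppression described above, as an added example that is not code from the article or from any affected site: a login check built by string concatenation next to the same check with bound parameters, wrapped in a handler that never returns database errors to the client. The table, the function names and the sample credentials are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to keep the sample short; store a hash in real code.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-sample')")
    return db

def login_vulnerable(db, name, password):
    """'Before' form: user input is pasted into the SQL text itself."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, name, password):
    """'After' form: input is bound as data and is never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def handle_login(db, name, password, login=login_parameterized):
    """Return one generic message; database errors never reach the client."""
    try:
        ok = login(db, name, password)
    except sqlite3.Error:
        # Record the detail server-side; the client learns nothing about
        # tables, columns or query structure from the response.
        return "Login failed"
    return "Welcome" if ok else "Login failed"

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR ''='"  # constructed input containing quote characters
    print("concatenated :", login_vulnerable(db, "admin", crafted))
    print("parameterized:", login_parameterized(db, "admin", crafted))
    print("quote in name:", handle_login(db, "o'brien", "pw", login_vulnerable))
```

Bound parameters also remove the dependence on input escaping such as magic_quotes, which PHP deprecated in 5.3 and removed in 5.4.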

Even today, Cyb3rt attacked a long list of web pages, including the website of the popular security company Kaspersky Labs. See the image below:

Image of the defacement to Kaspersky Labs

