Separate Focus HTML for Basic Foil 36 Web Exposures

Basic HTML version of Foils prepared May 19 99

Foil 36 Web Exposures

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99. by Roman Markowski

1	When PHF script exist http://your.host/cgi-bin/phf?Qalias=x%0Acat%20/etc/passwd %0A -new line; %20 - space
2	Most Web applications are never tested for penetration vulnerabilities (input handling issues) cgi script may be able to use files outside of server area unexpected arguments
3	Web servers have well-known bugs: in most cases requires ability to find, read and recreate exploits
4	various exploits described at http://www.cert.org/advisories/
5	Most popular: replace web pages with new ones; put additional contents

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Mon Aug 16 1999