01-07-2008 10:20 PM - edited 03-10-2019 03:55 AM
hi
One of our websites was hacked. The attacker used a weakness in the scripting: what he did was add to the address "http://www.xxx.com/details.asp?id=xxx+update+textnews+..." and by this he changed the main page.
My question is: why did the IPS not detect it? Isn't this some known form of SQL injection?
Is there some good explanation of these types of attacks, and what should be done to further prevent this type of attack?
Thanks a lot
01-07-2008 10:22 PM
NB: xxx is not our website; I used it as a fill-in-the-blank instead of the original website.
01-08-2008 05:51 AM
I assume the application is custom, not purchased "off the shelf"? It looks like your custom application is vulnerable to some form of URL tampering, but without more details it's hard to be sure. IDS is a signature-based technology and as such doesn't do such a good job of detecting flaws in custom applications. If you allow HTTPS, it has no chance. There is something called an application firewall that is generally more effective for securing custom applications.
"isn'this some known form of SQL injection"
Based on what you provided, I would say no. It looks like simple URL tampering.
"is there some good explanation about these types of attacks and what should be done to further prevent this type of attacks"
see [variable manipulation]:
http://www.owasp.org/index.php/OWASP_AppSec_FAQ
Fix your application. Knowing how to do that is beyond the scope of this forum. Hopefully the OWASP guide and site can help you.
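As an added example (not code from either poster, nor from the OWASP page linked above), here is the pattern the question describes, carried through in Python against an in-memory SQLite database: the query-string value is concatenated into the SQL text, so an appended update runs as a second statement and rewrites the home page; beside it is a handler that validates the value and binds it as a parameter, and a keyword check of the kind an IDS signature would need, run on the decoded query string. The table name textnews comes from the question; its columns, the request URL, and a database driver that accepts stacked statements are assumptions made for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit, unquote_plus

# Constructed stand-in for the site's "textnews" table; the column names are an assumption.
SCHEMA = """
CREATE TABLE textnews (id INTEGER PRIMARY KEY, body TEXT);
INSERT INTO textnews VALUES (1, 'Welcome to our site');
INSERT INTO textnews VALUES (2, 'Second story');
"""

# Constructed request shaped like the one in the question. In a query string '+' is a
# space, so the decoded id is "1; update textnews set body='DEFACED' where id=1".
ATTACK_URL = "/details.asp?id=1%3B+update+textnews+set+body%3D%27DEFACED%27+where+id%3D1"
NORMAL_URL = "/details.asp?id=2"


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def id_param(url):
    """Return the decoded value of the id query-string parameter."""
    return parse_qs(urlsplit(url).query)["id"][0]


def main_page(conn):
    """What the home page would render: the body of story 1."""
    return conn.execute("SELECT body FROM textnews WHERE id = 1").fetchone()[0]


def vulnerable_details(conn, url):
    # The classic-ASP pattern: the query-string value is pasted into the SQL text.
    # executescript() runs every statement in the string, standing in for a driver
    # that accepts stacked statements (an assumption about the original site's database).
    sql = "SELECT body FROM textnews WHERE id = " + id_param(url)
    conn.executescript(sql)
    return sql


def safe_details(conn, url):
    # Fixed version: check the type, then bind the value as a parameter so the database
    # never parses it as SQL. Returns None for anything that is not an integer.
    try:
        story_id = int(id_param(url))
    except ValueError:
        return None
    row = conn.execute("SELECT body FROM textnews WHERE id = ?", (story_id,)).fetchone()
    return row[0] if row else None


# Minimal signature of the kind an IDS/IPS might carry. It has to run on the decoded
# query string: matching the raw URL would miss '+' and %XX encodings of the keywords.
SQL_KEYWORDS = re.compile(r"\b(update|insert|delete|drop|union)\b", re.IGNORECASE)


def looks_like_sqli(url):
    return bool(SQL_KEYWORDS.search(unquote_plus(urlsplit(url).query)))


def demo():
    """Home-page body after the attack URL hits the vulnerable handler and the fixed one."""
    vuln_db, safe_db = fresh_db(), fresh_db()
    vulnerable_details(vuln_db, ATTACK_URL)
    safe_details(safe_db, ATTACK_URL)
    return main_page(vuln_db), main_page(safe_db)


if __name__ == "__main__":
    print(demo())  # ('DEFACED', 'Welcome to our site')
    print(looks_like_sqli(ATTACK_URL), looks_like_sqli(NORMAL_URL))  # True False
```

The fix is the parameter binding, not the keyword check: the regex is there to show why a signature engine must decode the request before matching, and it would still miss payloads that avoid the listed keywords, which is the limitation the reply above is pointing at.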