| PreviousFalse HTPP data | URL manipulation attacks | NextCross-Site Scripting |
The URL (Uniform Resource Locator) of a web application is the vector that makes it possible to indicate the requested resource. It is a string of printable ASCII characters that is divided into five parts:
A URL has the following structure:
| Protocol | Password (optional) | Server name | Port (optional if 80) |
Path |
| http:// | user:password@ | www.commentcamarche.net | :80 | /glossair/glossair.php3 |
The URL can make it possible to send parameters to the server by following the file name with a question mark and then data in ASCII format. A URL is then a string of characters with the following format:
http://en.kioskea.net/forum/?cat=1&page=2
By manipulating certain parts of a URL, a hacker can get a web server to deliver web pages he is not supposed to have access to.
On dynamic websites, parameters are mostly passed via the URL as follows:
http://target/forum/?cat=2
The data present in the URL are automatically created by the site and when navigating normally, a user simply clicks on the links proposed by the website. If a user manually modifies the parameter, he can try different values, for example:
http://target/forum/?cat=6
If the designer has not anticipated this possibility, the hacker may potentially obtain access to an area that is usually protected.
In addition, the hacker can get the site to process an unexpected case, for example:
http://target/forum/?cat=***********In the above example, if the site's designer has not anticipated the case where the data is not a number, the site may enter an unexpected state and reveal information in an error message.
A hacker may possibly test directories and file extensions randomly in order to find important information. Here a few classic examples:
http://target/admin/ http://target/admin.cgi
http://target/phpinfo.php3
http://target/.bak
http://target/.bash_history http://target/.htaccess
So-called directory traversal or path traversal attacks involve modifying the tree structure path in the URL in order to force the server to access unauthorized parts of the site.
In a classic example, the user may be forced to gradually move back through the tree structure, particularly in the event that the resource is not accessible, for example:
http://target/base/test/ascii.php3 http://target/base/test/ http://target/base/
On vulnerable servers, attackers can simply move back through the path with several "../" type strings:
http://target/../../../../directory/file
More advanced attacks encode certain characters:
http://target/..%2F..%2F..%2Fdirectory/file
http://target/..%u2216..%u2216directory/file
Many dynamic sites pass the name of pages to be displayed as parameters in a form similar to the following:
http://target/cgi-bin/script.cgi?url=index.htm
If no verifications are carried out, a hacker may modify the URL manually in order to request access to a site resource he does not have direct access to, for example:
http://target/cgi-bin/script.cgi?url=script.cgi
To secure a web server against URL manipulation attacks, it is necessary to keep a watch on vulnerabilities and regularly apply the patches provided by the web server's publisher.
Moreover, a detailed configuration of the web server helps keep users from surfing on pages they are not supposed to have access to. The web server should therefore be configured as follows:
Aircel pocket internet url Art attack show Download attack syn flood Download facebook hack attack Facebook hack attack prog download Facebook home.url How to be a player>> enter your keyword(s) or an link-url here << How to download facebook hack attack Land.c attack Manipulate graph with vba excel Php give argument from url Ping of death attack Smurf attack Syn attack Teardrop attack The url you requested has been blocked Url downloader free download Url of the document requested by the browser