Hacking a Script

A properly operating Web server outputs only the result of running a script and never discloses its source code. Nevertheless, widespread implementation errors sometimes make the script code available. Either the server or the script it processes might be responsible. Errors in scripts are common because practically everyone writes scripts without having even the vaguest idea of security. Servers are usually tested carefully. As a rule, the main security holes in servers are eliminated during beta testing.

In this chapter, attention will be focused on hacking the database. When investigating the script body, it is possible to find lots of interesting information, including field names, table names, and master passwords stored as plaintext (Listing 28.2).

Listing 28.2: Master password to the database stored as plaintext in the script body
 ...
 if ($filename eq "passwd")     # Check for correctness
 ...
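A defender-side check for the weakness this section describes, added here as an example and not taken from the book: a Python scan of Perl script source for credentials written as literals. The variable-name heuristics, the rule names and the sample script are constructed assumptions; `DBI->connect` is the standard Perl DBI call.

```python
import re

# Variable names that suggest a credential (heuristic assumption; tune it
# to the naming used in the code base being audited).
CRED = r"(?:pass(?:w(?:or)?d)?|pwd|secret|master)\w*"
# A quoted literal with no Perl interpolation ($var / @var) inside it.
QUOTED = r"""(?:"[^"$@]+"|'[^']+')"""

RULES = [
    # my $master_password = "literal";
    ("literal-assignment",
     re.compile(rf"[$]\w*{CRED}\s*=\s*{QUOTED}", re.I)),
    # if ($password eq "literal") ...
    ("literal-comparison",
     re.compile(rf"[$]\w*{CRED}\s+(?:eq|ne)\s+{QUOTED}", re.I)),
    # DBI->connect($dsn, $user, "literal") -- third argument is the password
    ("dbi-connect-literal-password",
     re.compile(rf"DBI\s*->\s*connect\s*\([^,]+,[^,]+,\s*{QUOTED}", re.I)),
]


def audit(source):
    """Return (line_number, rule) findings for the text of one script.

    Comment lines are scanned too: once the source leaks, a commented-out
    password is disclosed along with everything else.
    """
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule))
    return findings


# Constructed sample script (not from the book); the password is a dummy.
SAMPLE = r'''#!/usr/bin/perl
use DBI;
my $master_password = "s3cr3t-example";
my $dbh = DBI->connect("DBI:mysql:shop", "root", "s3cr3t-example");
if ($password eq "s3cr3t-example") { show_admin(); }
my $db_pass = $ENV{DB_PASS};
my $dbh2 = DBI->connect($dsn, $user, $db_pass);
if ($filename eq "index") { }
'''

if __name__ == "__main__":
    for number, rule in audit(SAMPLE):
        print(f"line {number}: {rule}")
```

Lines 6 and 7 of the sample, which take the password from the environment, produce no finding: with that layout a source-code leak no longer exposes the database credential.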
 


Shellcoder's Programming Uncovered
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
