Honeynet Delineates Web Application Threats
An anonymous reader sends us to a technical white paper written by the Honeynet Project & Research Alliance: Know Your Enemy: Web Application Threats. Based on analysis of malware collected by the project, the paper outlines a number of HTTP-based attacks against web applications and some ways of protecting Web servers. Included are code injection, remote code-inclusion, SQL injection, cross-site scripting, and exploitation of the PHPShell application.
Re:Not malware or a bot, but still an attack. (Score:1, Interesting)
So I decided to teach this jackass a lesson and use a rewrite rule that turns those image requests into humiliating messages about himself. [...] If you're going to do something like this, don't do it from your real account.
What makes you think he did? For all you know, he goaded you into attacking somebody he doesn't like.
Related work (Score:5, Interesting)
Michal Zalewski pointed out a cute hack some years ago. Search engine spiders have to follow links that end in queries, like "toparticle.php?page=1". Barring extraordinary and ultimately impossible care in the coding of the spiders, they could also follow URLs that include attack code after the question mark. In _Silence on the Wire_, he imagined a crook building a long list of links to potentially vulnerable systems, appending attack code to each, and leaving the list someplace where Googlebot and its colleagues will find it. Googlebot could twist the doorknob on 1.5 million PHPBB systems a lot faster than the crook possibly could.
A Real web attack honeypot project (Score:3, Interesting)