It works this way: A hacker tries to access the network via a particular type of badly formed URL, which can cause the Web server to give the hacker access to directories containing files and executables. This Microsoft IIS vulnerability was discovered in October 2000, but many sites have yet to apply the security patches that fix it. Our research, in combination with NetCat's documentation, suggested that we could break in by using the UniCode IIS bug. The five tools helped by revealing operating system and other files on the Web server, defeating password protections and even obtaining (simulated) credit card files. Our self-hacking game plan was to gain access to the Web site by bombarding it with badly formed URLs, cut through authentication barricades by guessing passwords and copy Web site files once we'd cracked the site's security.
0 Comments
Leave a Reply. |