
Testing keywords generated by users or content
Often we allow some users to publish information without moderating or reviewing what they publish, and then the title or content becomes a keyword. One way to control this is from a search engine such as Google: search for site:mydomain.com "keyword"; putting the keyword in quotes makes it an exact-match search.
Let's try an example: site:apple.com "steal photos" as the keyword.
The title we find is actually an application called Steal Photos in the iTunes store, but with other keywords the result could be much worse, as it could if we suffered an XSS-type attack.
It also serves to check whether we rank for a particular keyword.
Files with user metadata
This occurs with PDF and Microsoft Office documents that are edited on a Windows server and published directly on the web.
To find them, in Google we search for site: "Documents and Settings"
In the results you can see the directory path, the user name and even the physical path on the server where the document is located.
Accessing the robots.txt file
The robots.txt file is used to block directories and files that we do not want crawled, but since it is a plain text file, anyone can read it to see whether it lists a sensitive area such as an administration panel or an application that has not been published.
The robots.txt file is public, because search engines read it when crawling for information. All websites use it to protect content and directories.
SQL injections
These occur mainly when receiving parameters sent via the URL, of the form www.mydomain.com/page?id=2
That parameter is then read and used to execute an SQL statement:
SELECT name, key FROM user WHERE user_id = $id;
It is best to send the query with the POST method instead of GET in HTML forms, and also to encrypt the code and the variable with some method such as MD5 or SHA.
For example:
www.mydomain.com/buy?idcompra=345&producto=12
Encrypting with MD5 and masking the variables:
www.mydomain.com/buy?detalle_compra=e3d4b8f9637ce41a577ac68449e7f6b5
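As an added example (not code from the original article), here is the query pattern from the section above rebuilt in Python with an in-memory SQLite table: first the vulnerable form, where the raw id parameter is pasted into the SQL text, and then a hardened form that validates the parameter's type and binds it as a query parameter. The table contents and the "2 OR 1=1" request value are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the article's "user" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user_id INTEGER, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [(1, "alice", "a-secret"), (2, "bob", "b-secret"), (3, "carol", "c-secret")],
    )
    return conn


def lookup_vulnerable(conn, id_param):
    # The article's pattern: whatever arrived in ?id= becomes part of the SQL text,
    # so a value such as "2 OR 1=1" changes the WHERE clause and returns every row.
    sql = "SELECT name, password FROM user WHERE user_id = " + str(id_param)
    return conn.execute(sql).fetchall()


def lookup_safe(conn, id_param):
    # Hardened form: reject anything that is not an integer, then bind the value
    # as a parameter so it can never alter the structure of the statement.
    try:
        user_id = int(id_param)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT name, password FROM user WHERE user_id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "2"))          # one row, as intended
    print(lookup_vulnerable(db, "2 OR 1=1"))   # all three rows leak
    print(lookup_safe(db, "2 OR 1=1"))         # [] : rejected before reaching SQL
    print(lookup_safe(db, "2"))                # one row
```

Masking the parameter, as in the MD5 URL above, only changes what the value looks like in the address bar; whatever the server decodes it back to still has to be validated and bound this way before it reaches the database.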
Obfuscating the JavaScript
Web developers often leave JavaScript files public, where anyone can read them; if those files contain sensitive code or system functions such as AJAX calls or jQuery redirects, they can become a web vulnerability.
An interesting method is to obfuscate or encrypt the code so that a function that performs some important task is not easy to decipher.
function calculation(quantity, price) {
    // Subtotal calculation
    var subtotal = price * quantity;
    document.getElementById('subtotal').value = subtotal;
    // Calculation of the total (the field value is a string, so convert it before adding)
    var total = parseFloat(document.getElementById('total').value) || 0;
    document.getElementById('total').value = total + subtotal;
}
The same code obfuscated using the online tool //myobfuscate.com
Input Validation Attacks
To save time, many programmers do not validate form inputs and allow anything to be written and saved in the database; for example, instead of a name or a phone number, a user can enter JavaScript, an XSS payload or any other code that is then executed when that record is read back from the database.