Website hack – discovering vulnerabilities
File upload
The easiest type of vulnerability: a PHP, Python or other executable file can be uploaded and, once requested through the web server, acts as a backdoor on the server machine.
For instance, if the server runs PHP, a tool called weevely can generate a PHP shell, which is then uploaded. From that moment it is enough to know the URL of the uploaded PHP shell: weevely connects to it and gives access to the server (starting from the folder where the shell has been saved).
Command execution vulnerability
This type of vulnerability allows OS commands to be executed on the target server.
When a function of the web page runs an OS command (a ping, for instance), a “;” can be appended to the value submitted so that a second command follows the one being executed.
For instance, in a page that performs a ping, “; pwd” can be appended after the IP address.
Local/Remote file inclusion
It allows files outside the www directory to be read.
When a web page includes another page whose name is taken from the URL, other files on the server can be included using a relative path, and their content will be displayed.
The same happens when the web server allows remote files to be included. In that case a file made by the attacker and hosted remotely can be included, and any code it contains will be executed when the remote file is included.
Mitigation
File Upload
Always check the content type of the uploaded file (its actual content, not its extension) against the types expected (images/media, …).
Code execution
Do not execute OS commands from user-supplied input at all; if it cannot be avoided, strictly filter the input.
File inclusion
Prevent remote file inclusion
Use static file inclusion, not dynamic inclusion driven by user input.
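The following is an added example (not part of the original notes) showing, in Python, how the first two mitigations above can be implemented: the upload check looks at the file's magic bytes rather than its extension, and the ping function accepts only a literal IP address and never passes user input through a shell. The sample inputs are constructed for the example; the function names are my own.

```python
import ipaddress
import subprocess

# Magic-byte signatures for the image types the site intends to accept.
# Checking the bytes, not the extension or the client-supplied type,
# is what "check the content type" means in practice.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif87a": b"GIF87a",
    "gif89a": b"GIF89a",
}


def detect_image_type(data: bytes):
    """Return the image type by file header, or None if it is not an accepted image."""
    for name, magic in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def is_valid_ping_target(target: str) -> bool:
    """Accept only a literal IPv4/IPv6 address; anything else, including a
    value with a shell metacharacter such as ';', is rejected."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def build_ping_argv(target: str) -> list:
    """Build the argument vector for ping. A list run with shell=False is
    never parsed by a shell, so ';' has no special meaning even if it got through."""
    if not is_valid_ping_target(target):
        raise ValueError("target must be an IP address")
    return ["ping", "-c", "1", target]


def run_ping(target: str) -> int:
    """Run the validated ping and return its exit code (no shell involved)."""
    return subprocess.run(build_ping_argv(target), check=False).returncode


if __name__ == "__main__":
    # Constructed sample inputs
    print(detect_image_type(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))  # png
    print(detect_image_type(b"<?php echo 1; ?>"))                # None
    print(is_valid_ping_target("8.8.8.8"))                        # True
    print(is_valid_ping_target("8.8.8.8; pwd"))                   # False
```

A header check alone does not stop a valid image with script appended to it, so uploads should also be stored outside the web root or in a location where the server never executes files.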