Hacker Problem

Hacker Problem
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Hacker Problem Neil 09-25-2006
`--> Re: Hacker Problem Sebastian Gotts...09-25-2006
Posted by Neil on September 25, 2006, 7:10 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

I have a website hosted on MS IIS.

It has a news section fed by a database to allow the owners of the site the
ability to update the news pages themslves.

Last week a message was added by an Iranian hacker (see the end of this
post.)

What I don't understand is how they were able to do this.

The code checks for the existance of a session variable before alowing the
page to be displayed, so how could they create this variable?

Also, (from the log file,) they jumped right into the update page, not the
form where the message is created!

Any opinion would be greafully received, especially if a solution can be
suggested!!

Best reagrds

NEIL

Message:

H4cked By Mafia Hacking Team Black Hat - 16 September 2006 at 14:39

Iranian Hackers Are The Best---Darkl0rD Was Here---Fuck Pop---Only For
Islam

l_l_darkl0rd_l_l@yahoo.com







Posted by Sebastian Gottschalk on September 25, 2006, 8:13 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Neil wrote:

> It has a news section fed by a database to allow the owners of the site the
> ability to update the news pages themslves.
>
> Last week a message was added by an Iranian hacker (see the end of this
> post.)
>
> What I don't understand is how they were able to do this.
>
> The code checks for the existance of a session variable before alowing the
> page to be displayed, so how could they create this variable?
>
> Also, (from the log file,) they jumped right into the update page, not the
> form where the message is created!
>
> Any opinion would be greafully received, especially if a solution can be
> suggested!!

What about presenting the relevant code and the log entries?

Similar ThreadsPosted
Current hacker attack info where to get? May 2, 2005, 9:39 pm
Request for input from someone who has hired or managed an ex-hacker January 25, 2005, 5:39 pm
EC-Councils' Technical Director to deliver Ethical Hacker course in London January 26, 2005, 1:16 am
Request for help with a hacker project, or simple question answer sought August 5, 2006, 10:00 am
Problem K9 August 23, 2004, 8:36 pm
Deleted IE - now got a big problem August 9, 2004, 11:13 pm
NTFS Problem April 29, 2005, 1:49 pm
Off Topic - DNS Problem February 2, 2006, 5:58 pm
RSA verification problem May 11, 2006, 8:29 am
IP spoofer problem March 2, 2007, 4:37 pm

The site map in XML format XML site map

Contact Us | Privacy Policy