Hacker Problem

Hi,

I have a website hosted on MS IIS.

It has a news section fed by a database to allow the owners of the site the
ability to update the news pages themselves.

Last week a message was added by an Iranian hacker (see the end of this
post.)

What I don't understand is how they were able to do this.

The code checks for the existence of a session variable before allowing the
page to be displayed, so how could they create this variable?

Also, (from the log file,) they jumped right into the update page, not the
form where the message is created!

Any opinion would be gratefully received, especially if a solution can be
suggested!!

Best regards

NEIL

Message:

H4cked By Mafia Hacking Team Black Hat - 16 September 2006 at 14:39

Iranian Hackers Are The Best---Darkl0rD Was Here---Fuck Pop---Only For
Islam

l_**************@yahoo.com


Sep 25 '06 #1

He's been busy according to Google. And he seems to like ASP sites
that deliver stories in a file called news_item.asp and use the
querystring NewID. That's probably not all that you have in common.

http://www.hyannispoint.com/webdev/w...rabilities.asp

--
Mike Brind

Sep 25 '06 #2
Thanks Mike,

I will need to do some changes to prevent this from happening again.

Regards,

NEIL
Sep 26 '06 #3
