<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.7" -->
<rss version="0.92">
<channel>
	<title>Acunetix Web Application Security Blog</title>
	<link>http://www.acunetix.com/blog</link>
	<description>Acunetix Web Application Security Blog</description>
	<lastBuildDate>Thu, 08 Jan 2009 21:07:06 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>Image upload forms used to hijack websites</title>
		<description>In the past few days I came across a stimulating blog post titled "Dissecting a Multistage Web Attack that uses the recent IE7 0day". The authors described how a vulnerable web application was then able to infect web browsers visiting the infected website. The attackers, who used an IP that originates ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/image-upload-forms-used-to-hijack-websites/</link>
	</item>
	<item>
		<title>How can any web page log you off all other websites?</title>
		<description>A recent post on "Full-Disclosure" mailing list referenced a web page called "Session Destroyer". This web page is a demonstration by Kristian Erik Hermansen that promises to make logging off various popular websites very easy.

How does it work? This static HTML page simply contains IMG tags that link to the ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/how-can-any-web-page-log-you-off-all-other-websites/</link>
	</item>
	<item>
		<title>American Express website vulnerable&#8230; again!</title>
		<description>A few days ago a cross-site scripting vulnerability was discovered and reported on the American Express site. An XSS vulnerability can allow attackers to steal user authentication cookies from americanexpress.com, thus leading to an account hijack.

As web-security consultant Joshua D. Abraham said, web developers addressed only one instance of the problem. They ...</description>
		<link>http://www.acunetix.com/blog/websecuritynews/american-express-website-vulnerability-again/</link>
	</item>
	<item>
		<title>Why upgrade PHP to 5.2.8? Part 2</title>
		<description>To read part 1 of this article please refer to the previous post.

Note: a large number of vulnerabilities described in this post can be exploited to bypass safe_mode. It is not recommended to rely on this PHP functionality for the security of your web servers. Only use safe_mode as a ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/why-upgrade-php-to-528-part-2/</link>
	</item>
	<item>
		<title>What do American Express and Facebook have in common?</title>
		<description>Cross-site scripting seems to be the word of the past few days, with high-profile sites getting featured on the technology news sites. ZDNet reported how Facebook just fixed four XSS security flaws affecting their developers' page, the iPhone login page, the new user registration page and a Facebook ...</description>
		<link>http://www.acunetix.com/blog/websecuritynews/what-do-american-express-and-facebook-have-in-common/</link>
	</item>
	<item>
		<title>Why upgrade PHP to 5.2.8? Part 1</title>
		<description>Note: PHP 5.2.7 is the version that actually fixes the security holes below. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site.

A new version of the popular scripting language PHP includes a couple of security fixes (taken from the Changelog):

	Upgraded PCRE to version 7.8 (Fixes ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/why-upgrade-php-to-528-part-1/</link>
	</item>
	<item>
		<title>URL Rewriting and AcuSensor Technology; automation and advantages</title>
		<description>Nowadays, a lot of web applications are using URL rewriting. URL rewriting involves converting normal URLs to search-engine-friendly URLs. Usually the reason for doing this is to improve the rankings in search engines.

A search-friendly URL looks like this:

Or like this:

However, these kinds of URLs are creating a ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/url-rewriting-and-acusensor-technology-automation-and-advantages/</link>
	</item>
	<item>
		<title>Directory Traversal attack; what is it and how to prevent such attacks</title>
		<description>If a web application or web server is vulnerable to a Directory Traversal attack, a malicious user can exploit this vulnerability to step out of the web root directory and access other restricted files and directories of the file system. Typically, this also gives the malicious user the ability to ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/directory-traversal-attack-what-is-it-and-how-to-prevent-such-attacks/</link>
	</item>
	<item>
		<title>Two factor authentication and Web Application Security</title>
		<description>A few days ago PayPal announced that they will be supporting Mobile Access for the PayPal Security Key. This means that to log into their accounts, PayPal users receive a 6-digit security code via a text message. This feature obviously adds an extra layer of security since instead of ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/two-factor-authentication-and-web-application-security/</link>
	</item>
	<item>
		<title>AcuSensor Technology in action; finding backdoors in web applications</title>
		<description>On March 2, 2007 the following was posted on the WordPress blog:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This ...</description>
		<link>http://www.acunetix.com/blog/web-security-articles/acusensor-technology-in-action-finding-backdoors-in-web-applications/</link>
	</item>
</channel>
</rss>
