Re: [SLUG] Probes of SLUG Site?

From: Paul M Foster (paulf@quillandmouse.com)
Date: Wed Apr 05 2006 - 01:19:39 EDT


steve szmidt wrote:
> On Wednesday 05 April 2006 00:16, Paul M Foster wrote:
>
>>I need someone more expert in security than me, perhaps someone at NKS,
>>since the SLUG site is hosted there. I'm seeing what appear to be
>>"probes" of the SLUG site. Someone is going to (for example) the
>>volunteer page, and filling out the form. A typical example is as follows:
>
>
> Looks like a cross site request forgery.
>
> Since a browser does not know what to expect when it hits a web site it will
> collect what is being offered. They are trying to have your computer go to
> their website and pick up something. Possibly a rootkit.
>
> If you use PHP, make sure it has been locked down properly.
>
>

So what you're saying is that they assume whatever they enter will get
posted onto the website? And someone will be dumb enough to see it and
perhaps click on it, thence get hacked?

If so, it won't work. The results of the forms get emailed to me. If I
approve, I run a script that inserts the appropriate form data in the
webpage. Not possible to post directly to the website. In addition, many
of the forms being filled out never get their data to the website.
They're for SLUG internal use only (like the one I showed an example of).

But this doesn't answer the question of whether it's possible to
automate the process of filling out the forms. The forms are PHP and use
POST rather than GET.

Paul

-- 
Paul M. Foster
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


