Module 4 - Reading

Question 1

vBulletin Hole

Answer 1

Failure to remove /install and /core/install allows ability to add administrator accounts

35,000 sites hacked

Question 2

Oracle Web Hacking - reasons

Answer 2

• complicated
• lots of default content
• users have to pay for patches and adivsory info
• complicated patch/upgrade process

Question 3

Joomla and Wordpress

Answer 3

• attempts to login to administrator pages /administrator/index.php and /wp-login.php
• 17000 domains in day (single computer), 100000 a week
• Stealrat (spam)
• Blackhole Exploit kit (redirect)

mitigations:

• software up to date
• strong passwords
• settings and plug-ins to help secure

Question 4

Content Management Sites (Fort Disco)

Answer 4

Windows based bonnet, attacks PHP-based blog and CMS website
> targets weak passwords (most admin and 123456)
>over 25,000 bots
> 6000 sites affected

• reasons:
• by uploading PHP shell, issue commands to thousands of sites in seconds
• hosted in data centers with large bandwidth

Question 5

Apache targets

Answer 5

1. appending malware to outgoing data via config files

2. disabling root changes on infected files

Question 6

SQL Injection

Answer 6

dnf666

• account credentials for online gaming sites
• javasploit exploit

Question 7

CMS vulnerabilities

Answer 7

• 20% of top 10,000 websites rely on CMS
• 7 of top 10 e-commerce plugins and 20% of top plugins vulnerable to attack
• 20% of vulns in 3rd party code, 80% in plugins and extensions

Top 10 vulns

• Injection
• Broken authentication
• XSS
• insecure direct object references

Question 8

Wed Ontology Language

Answer 8

OWL

Question 9

OWASP

Answer 9

Open Web Application Security Project

• 4 out of top 10 vulnerabilities related to input validation.

Question 10

Detecting

Answer 10

• Anomaly based IDS
• Signature based IDS
• Data Mining Techniques or statistical IDS
• ontology based ids