[WEB SECURITY] Placing shells (backdoors) at web sites
Alfonso Valdes Carrales
ponchovaldes at gmail.com
Fri Feb 11 12:54:20 EST 2011
Do you got this Paper in English ? or at least Spanish?
2011/2/11 Sebastian Schinzel <ssc at seecurity.org>
> Dear Mustlive,
> On Feb 10, 2011, at 8:39 PM, MustLive wrote:
> > There are few variants of placing shells (as any other backdoors) at web
> > sites. First two variants are known and third variant - it's new one,
> > I created last year, when found RCE vulnerability in CMS WebManager-Pro
> > (http://websecurity.com.ua/4696/). Similar vulnerabilities also can be
> > other web applications.
> The third one is long known to anyone with knowledge in SAP application
> security. Applications written in ABAP, SAP's proprietary programming
> are stored in the Database. If an attacker gets access to the database of a
> system (ABAP), he can change the code.
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity