[WEB SECURITY] Placing shells (backdoors) at web sites

Alfonso Valdes Carrales ponchovaldes at gmail.com
Fri Feb 11 12:54:20 EST 2011


Mr Mustlive,

Do you got this Paper in English ? or at least Spanish?


Regards,

2011/2/11 Sebastian Schinzel <ssc at seecurity.org>

> Dear Mustlive,
>
> On Feb 10, 2011, at 8:39 PM, MustLive wrote:
> > There are few variants of placing shells (as any other backdoors) at web
> > sites. First two variants are known and third variant - it's new one,
> which
> > I created last year, when found RCE vulnerability in CMS WebManager-Pro
> > (http://websecurity.com.ua/4696/). Similar vulnerabilities also can be
> in
> > other web applications.
>
> The third one is long known to anyone with knowledge in SAP application
> security. Applications written in ABAP, SAP's proprietary programming
> language,
> are stored in the Database. If an attacker gets access to the database of a
> SAP
> system (ABAP), he can change the code.
>
> Cheers,
> Sebastian
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>



-- 
Alfonso Valdés
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110211/9357fb79/attachment-0003.html>


More information about the websecurity mailing list