[WEB SECURITY] Placing shells (backdoors) at web sites

MustLive mustlive at websecurity.com.ua
Sat Feb 12 15:00:10 EST 2011

Hello Alfonso!

This article, which I wrote to the list, is a paper itself. I made it in the
form of an article.

I've made an English translation of my article, except the last two paragraphs
(where I told about methods of protection against such types of shells and
backdoors) - it'll be for those who like to translate from Ukrainian
using Google Translate ;-). So you need to read the paper in English in
the mailing list or translate it to Spanish (version from my site or version
from the list).

If you want, I can translate the last two paragraphs to English for you.

Best wishes & regards,
Administrator of Websecurity web site

----- Original Message ----- 
From: Alfonso Valdes Carrales
To: Sebastian Schinzel
Cc: MustLive ; websecurity at lists.webappsec.org
Sent: Friday, February 11, 2011 7:54 PM
Subject: Re: [WEB SECURITY] Placing shells (backdoors) at web sites

Mr Mustlive,

Do you have this paper in English? Or at least Spanish?


2011/2/11 Sebastian Schinzel <ssc at seecurity.org>

Dear Mustlive,

On Feb 10, 2011, at 8:39 PM, MustLive wrote:
> There are a few variants of placing shells (as any other backdoors) at web
> sites. The first two variants are known and the third variant is a new one,
> which I created last year, when I found an RCE vulnerability in CMS
> WebManager-Pro (http://websecurity.com.ua/4696/). Similar vulnerabilities
> can also be in other web applications.

The third one has long been known to anyone with knowledge of SAP application
security. Applications written in ABAP, SAP's proprietary programming
language, are stored in the database. If an attacker gets access to the
database of a system (ABAP), he can change the code.



Alfonso Valdés