[WEB SECURITY] Placing shells (backdoors) at web sites
mustlive at websecurity.com.ua
Sat Feb 12 15:00:10 EST 2011
This article, which I wrote to the list, it's a paper itself. I made it in a
form of article.
I've made English translation of my article, except two last paragraphs
(where I told about methods of protection against such types of shells and
backdoors) - it'll be for those who like to translate from Ukrainian with
using of Google Translate ;-). So you need to read the paper on English in
the mailing list
or translate it to Spanish (version from my site or version from the list).
If you want I can translate to English last two paragraphs for you.
Best wishes & regards,
Administrator of Websecurity web site
----- Original Message -----
From: Alfonso Valdes Carrales
To: Sebastian Schinzel
Cc: MustLive ; websecurity at lists.webappsec.org
Sent: Friday, February 11, 2011 7:54 PM
Subject: Re: [WEB SECURITY] Placing shells (backdoors) at web sites
Do you got this Paper in English ? or at least Spanish?
2011/2/11 Sebastian Schinzel <ssc at seecurity.org>
On Feb 10, 2011, at 8:39 PM, MustLive wrote:
> There are few variants of placing shells (as any other backdoors) at web
> sites. First two variants are known and third variant - it's new one,
> I created last year, when found RCE vulnerability in CMS WebManager-Pro
> (http://websecurity.com.ua/4696/). Similar vulnerabilities also can be in
> other web applications.
The third one is long known to anyone with knowledge in SAP application
security. Applications written in ABAP, SAP's proprietary programming
are stored in the Database. If an attacker gets access to the database of a
system (ABAP), he can change the code.
The Web Security Mailing List
WebSecurity RSS Feed
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
websecurity at lists.webappsec.org
More information about the websecurity