[WEB SECURITY] Bypassing web antiviruses and attack via tables corruption in MySQL

MustLive mustlive at websecurity.com.ua
Sat May 5 16:50:36 EDT 2012


Hello participants of Mailing List.

As I've wrote last month in the list, I've presented full translation of my
articles (in a form of new complex article), which I told
you briefly in my post Bypassing of security mechanisms
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-September/008051.html).
And now I will tell you about other my articles, written in September 2011
and in April 2012. Request full translation of any of them if needed.

I'll tell you briefly about my two articles concerning bypassing web
antiviruses and attack via tables corruption in MySQL. Which I wrote in
September and in April accordingly. These topics should be interesting for
you (especially for those, who haven't read them before).

1. Effective use of cloaking against web antiviruses
http://websecurity.com.ua/5359/

In this article I told more about the cloaking - the way how web antiviruses
became fighting with it and other ways of bypassing them with cloaking. This
is third article in my series about bypassing of web antiviruses (after
2010's "Bypass of systems for searching viruses at web sites" and 2011's
"Bypassing of behavioral analysis or malware strikes back").

After my 2010's article, where I wrote about such simple and well known way
of hiding from web antiviruses bots as cloaking, which similarly used from
90s for hiding from search engines bots, in August 2011 I've found the first
change. If I've made my own web antivirus immune to cloaking already in 2008
(from the first version), then from other vendors, such as search engines,
we had need to wait. And in the end of August 2011 I've found Google's bot,
who changed its UA. But due to other mistakes, it couldn't hide well his
true face :-), so it was possible for malware to use cloaking for hiding
from the bot. So it's needed to fight with cloaking more effectively.

2. Attack via tables corruption in MySQL
http://websecurity.com.ua/5796/

In this article I told about attacks on web applications via tables
corruption in MySQL. This attack I've described in 2009 (in my advisory
about WordPress) and later in 2011 (in my advisories concerning IPB), but
now I've wrote detailed article about it.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua





More information about the websecurity mailing list