Hi, 
Guest
Pic
Sign In

websecurity@lists.webappsec.org

The Web Security Mailing List

View all threads

Bypassing web antiviruses and attack via tables corruption in MySQL

M
MustLive
Sat, May 5, 2012 8:50 PM

Hello participants of Mailing List.

As I've wrote last month in the list, I've presented full translation of my
articles (in a form of new complex article), which I told
you briefly in my post Bypassing of security mechanisms
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-September/008051.html).
And now I will tell you about other my articles, written in September 2011
and in April 2012. Request full translation of any of them if needed.

I'll tell you briefly about my two articles concerning bypassing web
antiviruses and attack via tables corruption in MySQL. Which I wrote in
September and in April accordingly. These topics should be interesting for
you (especially for those, who haven't read them before).

  1. Effective use of cloaking against web antiviruses
    http://websecurity.com.ua/5359/

In this article I told more about the cloaking - the way how web antiviruses
became fighting with it and other ways of bypassing them with cloaking. This
is third article in my series about bypassing of web antiviruses (after
2010's "Bypass of systems for searching viruses at web sites" and 2011's
"Bypassing of behavioral analysis or malware strikes back").

After my 2010's article, where I wrote about such simple and well known way
of hiding from web antiviruses bots as cloaking, which similarly used from
90s for hiding from search engines bots, in August 2011 I've found the first
change. If I've made my own web antivirus immune to cloaking already in 2008
(from the first version), then from other vendors, such as search engines,
we had need to wait. And in the end of August 2011 I've found Google's bot,
who changed its UA. But due to other mistakes, it couldn't hide well his
true face :-), so it was possible for malware to use cloaking for hiding
from the bot. So it's needed to fight with cloaking more effectively.

  1. Attack via tables corruption in MySQL
    http://websecurity.com.ua/5796/

In this article I told about attacks on web applications via tables
corruption in MySQL. This attack I've described in 2009 (in my advisory
about WordPress) and later in 2011 (in my advisories concerning IPB), but
now I've wrote detailed article about it.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Hello participants of Mailing List. As I've wrote last month in the list, I've presented full translation of my articles (in a form of new complex article), which I told you briefly in my post Bypassing of security mechanisms (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-September/008051.html). And now I will tell you about other my articles, written in September 2011 and in April 2012. Request full translation of any of them if needed. I'll tell you briefly about my two articles concerning bypassing web antiviruses and attack via tables corruption in MySQL. Which I wrote in September and in April accordingly. These topics should be interesting for you (especially for those, who haven't read them before). 1. Effective use of cloaking against web antiviruses http://websecurity.com.ua/5359/ In this article I told more about the cloaking - the way how web antiviruses became fighting with it and other ways of bypassing them with cloaking. This is third article in my series about bypassing of web antiviruses (after 2010's "Bypass of systems for searching viruses at web sites" and 2011's "Bypassing of behavioral analysis or malware strikes back"). After my 2010's article, where I wrote about such simple and well known way of hiding from web antiviruses bots as cloaking, which similarly used from 90s for hiding from search engines bots, in August 2011 I've found the first change. If I've made my own web antivirus immune to cloaking already in 2008 (from the first version), then from other vendors, such as search engines, we had need to wait. And in the end of August 2011 I've found Google's bot, who changed its UA. But due to other mistakes, it couldn't hide well his true face :-), so it was possible for malware to use cloaking for hiding from the bot. So it's needed to fight with cloaking more effectively. 2. Attack via tables corruption in MySQL http://websecurity.com.ua/5796/ In this article I told about attacks on web applications via tables corruption in MySQL. This attack I've described in 2009 (in my advisory about WordPress) and later in 2011 (in my advisories concerning IPB), but now I've wrote detailed article about it. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Empathy v1.0   2024 ©Harmonylists.com