On Dumb Crackers

November 12th, 2009 by Dario Solera | Filed under Internet, Security.

It happens that there is an old version of a PHP-based CMS application that is affected by a bug that, if I understand correctly, allows an attacker to alter the content of a part of a site, called a snippet.

ScrewTurn Wiki has snippets (but they’re secure).

The funny thing is that we get a ton of attacks that try to apply the same technique used for the above-mentioned CMS to our website because, I think, there is a page called snippets. Crackers are getting dumber I guess…

STW, in such cases, simply crashes because the HTTP query string is a complete mess, so no worries: we fail fast. At any rate, even if the request were well-formed, an attacker could not bypass the security configuration the way she does in the above-mentioned CMS: permissions are checked for every single request, including all post-backs.
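
A minimal model of the design described above, added here as an example and not ScrewTurn Wiki's own code: a single entry point rejects malformed query strings before any handler runs and re-checks permissions on every request, post-backs included. The ACL, the parameter names and the `handle` function are hypothetical.

```python
from urllib.parse import parse_qsl

# Constructed server-side ACL: (user, page) -> allowed actions (hypothetical names).
ACL = {
    ("admin", "snippets"): {"view", "edit"},
    ("anonymous", "snippets"): {"view"},
}
ALLOWED_PARAMS = {"page", "name"}


class BadRequest(Exception):
    """Malformed request: rejected before any handler runs."""


class Forbidden(Exception):
    """Caller lacks the permission this request needs."""


def parse_query(raw):
    # strict_parsing makes parse_qsl raise ValueError on fields without "=".
    try:
        pairs = parse_qsl(raw, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise BadRequest(str(exc)) from exc
    params = dict(pairs)
    duplicated = len(params) != len(pairs)
    if duplicated or not set(params) <= ALLOWED_PARAMS or "page" not in params:
        raise BadRequest("unexpected, duplicate or missing parameter")
    return params


def handle(user, method, raw_query, form=None):
    """Single entry point: every GET and every post-back passes through here."""
    params = parse_query(raw_query)  # fail fast on a garbled query string
    action = "edit" if method == "POST" else "view"
    # The decision comes from the server-side ACL on each request,
    # never from anything the client sends back in `form`.
    if action not in ACL.get((user, params["page"]), set()):
        raise Forbidden(f"{user} may not {action} {params['page']}")
    if action == "edit":
        return f"saved {params['page']} ({len(form or {})} field(s))"
    return f"rendered {params['page']}"
```
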

