Monday, August 25, 2008

A Few Defensive Measures



If you use a web content management system, subscribe to the project's development blog or security announcements. Update to new versions as soon as possible.
Update all third-party modules as a matter of course. Any module that accepts web form input or lets members upload files is a potential entry point, and a vulnerable module usually runs with the same database credentials as the CMS itself, so a single module flaw can expose your full database.
Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
If your custom-built CMS has an admin login page, why not call it 'Flowers.php' or something equally unguessable instead of 'AdminLogin.php'? Bear in mind that this only keeps the page off the first pass of automated scanners and guessed URLs; it does not replace strong passwords and login throttling, and it is undone the moment a link, a directory listing or a robots.txt entry points at it.
Enter some unexpected data into your own login fields, such as the sample injection strings shown above, plus anything else you think might confuse the server. If the response is an unusual error message disclosing server-generated code, a fragment of your SQL or a raw database error, that may betray a vulnerability: the application is passing your input straight into a query instead of treating it as data.
Do a few Google hacks on your name and your website (for example, searches restricted to your domain with the site: operator) to see which indexed pages, files and error messages an attacker would find first. Just in case…
When in doubt, pull the yellow cable out! It won’t do you any good, but hey, it rhymes.
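To make the "confusing data in the login fields" test from the list concrete, here is an added example that is not part of the original post: a deliberately vulnerable login check built by string formatting, beside a parameterized one, both run against an in-memory SQLite table with constructed sample users. The table, user names, passwords and probe strings are all invented for the demonstration; the point is that the same three probes produce a database error or a bypass against the first function and plain "denied" against the second.

```python
import sqlite3

# Constructed sample data for the demonstration only; real applications store
# password hashes, never plaintext, and compare them outside the query.
USERS = [("admin", "s3cret"), ("alice", "hunter2")]

# A few of the probes the post suggests typing into a login form.
PROBES = ["'", "' OR '1'='1", "x' OR 1=1 --"]


def make_db():
    """In-memory SQLite stand-in for the CMS user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so form input becomes SQL text.

    Returns ("ok", user), ("denied", None) or ("error", message). A site that
    echoes the error message to the browser is showing exactly the kind of
    server-generated output the post tells you to look for.
    """
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_safe(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    SQL, so a quote or an OR clause in the password is just data to compare."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


def probe(login):
    """Run every probe through the password field of the given login function,
    with a fresh database each time, and map probe -> result tuple."""
    conn = make_db()
    return {p: login(conn, "admin", p) for p in PROBES}


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("parameterized", login_safe)):
        print(name)
        for p, result in probe(fn).items():
            print("  %-16r -> %s" % (p, result))
```

Against the vulnerable function the lone quote produces a SQLite syntax error (the leaked message is the tell-tale the post describes), and both OR probes log you in as the first user in the table without knowing any password. Against the parameterized function every probe is simply compared as a password and denied, while the genuine credentials still succeed.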
UPDATE: I had posted a link here to a hacking bulletin board containing specific SQL injection strings etc. The link pointed to a page which listed numerous hacks targeting various CMS platforms, but contained a disproportionate number of hacks for one platform in particular. In retrospect, and following a specific complaint, I have pulled down this link. Apologies to the complainant and to anyone else who found this link to be inappropriate.
