ASP Hackers - Sample ASP Files - Hackers Motes Notes...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Sample ASP Files - Hackers Mote’s Notes 4/27/2011 Dynamic web sites (not just ASP sites) are notorious targets for unwanted attacks. Two of the most common types of attacks are HTML-based and SQL-based. HTML attacks are aimed at web pages that allow the user to insert and update records in the backend database. SQL injection attacks, on the other hand, are generally aimed at textboxes on drill-down web pages. Both types of attacks are simple to defend. Sadly, many organizations fail to take the necessary precautions. Just ask the 197,000 innocent victims of the 2006 McCombs attack. Identity theft is a booming business. HTML Attacks The basic idea of an HTML attack is to use an unprotected insert/update web page to save html tags in the backend database. These unwanted tags may be used to alter the intended appearance of a page (e.g., boldness, font changes), to insert unauthorized content (e.g., political statements), to insert hyperlinks to external web sites, or to insert unwanted graphics (e.g., porn). While an HTML attack does not access or destroy the confidential information held in a backend database, an undetected attack can lead to corporate embarrassment. Somebody attacked us. Here is our Basic.asp page. How embarrassing.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 05/26/2011 for the course MIS 325 taught by Professor Mote during the Spring '08 term at University of Texas.

Page1 / 4

ASP Hackers - Sample ASP Files - Hackers Motes Notes...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online