12.12.07


Hackers Bypassing Registration With PyCurl

By Dan Morrill

Interesting hacking attack going on at a social networking site that I am working on today.

Seems that the hacker is using PyCurl to bypass the registration page and dump users right into the system.

It looks like the piece of offending code in the user.php file is



What is ending up happening is this in the database.



That looks like the user is being generated by a bot of some sort that is using the PyCurl library to bypass the login system and the captcha that is required to validate a user. Rather than going through the captcha, it is just dumping in users by latching directly onto the users.php file.


The reason I say this is a bot is that the IP addresses are all over the map. Moreover, the requests are spaced too closely for a person to be typing them. The log looks like this per entry. Nothing but POSTs.



But the time hacks in the database look like this.


What makes this interesting is that this is nothing new, but it is the first time I have seen PyCurl used to bypass the entire registration process and simply dump users into a system by using the insert command followed by the data the system needs to generate the user account.

Neat trick to pull on people using any form of registration on the network.
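The indicators described above (source IPs all over the map, registration POSTs landing faster than anyone could type, and nothing but POSTs, with no GET of the form that serves the captcha) can be pulled straight out of the web server's access log. The script below is an added example and is not code from the original post or from the affected site. The log lines are constructed; the form path /register.php and the handler path /user.php are assumptions (the post itself spells the handler both user.php and users.php). It keys on request flow and timing rather than on the User-Agent, because a pycurl client can send whatever User-Agent it likes.

```python
import re
from datetime import datetime

# Constructed Apache combined-log sample (not the author's real log).
# Assumed flow: GET /register.php serves the form and captcha,
# POST /user.php creates the account. The PycURL User-Agent is also
# constructed and is trivially spoofable, so detection does not rely on it.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2007:10:01:02 -0500] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2007:10:01:45 -0500] "POST /user.php HTTP/1.1" 302 0 "http://example.test/register.php" "Mozilla/5.0"
198.51.100.23 - - [12/Dec/2007:10:02:00 -0500] "POST /user.php HTTP/1.1" 302 0 "-" "PycURL/7.16.4"
192.0.2.99 - - [12/Dec/2007:10:02:00 -0500] "POST /user.php HTTP/1.1" 302 0 "-" "PycURL/7.16.4"
198.51.100.77 - - [12/Dec/2007:10:02:01 -0500] "POST /user.php HTTP/1.1" 302 0 "-" "PycURL/7.16.4"
203.0.113.150 - - [12/Dec/2007:10:02:01 -0500] "POST /user.php HTTP/1.1" 302 0 "-" "PycURL/7.16.4"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Parse combined-log lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["path"].split("?", 1)[0]  # ignore the query string
        entries.append(e)
    return entries


def flag_registrations(entries, form_path="/register.php", handler="/user.php",
                       form_window=600, burst_n=3, burst_window=5):
    """Flag registration POSTs whose IP never loaded the form (so it was never
    shown the captcha) and bursts of POSTs too tightly spaced for humans."""
    last_form_get = {}  # ip -> time of its most recent GET of the form
    posts = []
    for e in sorted(entries, key=lambda x: x["ts"]):
        if e["method"] == "GET" and e["path"] == form_path:
            last_form_get[e["ip"]] = e["ts"]
        elif e["method"] == "POST" and e["path"] == handler:
            seen = last_form_get.get(e["ip"])
            no_form = seen is None or (e["ts"] - seen).total_seconds() > form_window
            posts.append({"ip": e["ip"], "ts": e["ts"], "no_form_load": no_form})

    bursts = []
    i = 0
    while i < len(posts):
        window = [p for p in posts[i:]
                  if (p["ts"] - posts[i]["ts"]).total_seconds() <= burst_window]
        if len(window) >= burst_n:
            bursts.append({"start": posts[i]["ts"], "count": len(window),
                           "distinct_ips": len({p["ip"] for p in window})})
            i += len(window)  # skip past this burst
        else:
            i += 1
    return {"posts": posts, "bursts": bursts}


def analyze(text=SAMPLE_LOG):
    """Convenience wrapper: parse the log and run the registration checks."""
    return flag_registrations(parse_log(text))


if __name__ == "__main__":
    result = analyze()
    for p in result["posts"]:
        tag = "SUSPECT no form load" if p["no_form_load"] else "ok"
        print(f'{p["ts"].isoformat()} {p["ip"]:16} {tag}')
    for b in result["bursts"]:
        print(f'burst at {b["start"].isoformat()}: {b["count"]} POSTs '
              f'from {b["distinct_ips"]} IPs')
```

On the sample, the one POST that followed a GET of the form passes, the four PycURL POSTs are flagged as never having loaded the form, and they are also reported as a single burst from four distinct IPs within five seconds. Detection like this is a stopgap; the durable fix is for the handler itself to verify the captcha answer against the session server-side before it runs the insert, so that a direct POST to the handler with no captcha never creates an account.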



About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

AboutEnterpriseSecurityNews
Security news and updates for your enterprise


-- EnterpriseSecurityNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc. All Rights Reserved Privacy Policy  Legal


