Hackers Can Access Restricted Info on Web Sites

Thousands of Web sites may be vulnerable to hackers, who can gain access
to restricted areas through a back door unwittingly left open by
careless Web masters. The threat was disclosed this week by
Miora Systems Consulting (http://www.miora.com) in Playa del
Rey, and confirmed by other Web security experts.

Oliver Friedrichs of Secure Networks Inc., a Web security firm
in Calgary, Canada, said Miora had put its finger on a common
security flaw. Many Web sites use what are called ``hidden form
fields'' -- that is, invisible codes on Web pages -- to track
where visitors go on a Web site, something advertisers want to
know.

That's fine, unless they also use these same hidden form fields
to keep certain parts of the Web site -- say billing records --
off limits.

In such cases, hackers can make those hidden form fields
visible, and use them to gain access to roped-off areas of the
site.

``Web security experts have known about this problem for a
while,'' Friedrichs said. ``But Miora has shown that a lot of
Web sites are still leaving themselves open to this sort of
attack.''
ISN is a non-profit list designed to keep Security Professionals aware.
Received on Sat Mar 14 01:55:28 1998
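
The flaw the article describes, as an added example that is not code from the article, Miora or Secure Networks: a handler that takes its access decision from a hidden form field, beside one that takes it from server-side session state, plus an integrity tag for fields used only for tracking. The field name billing_ok, the session ids and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed server-side state: session id -> account record.
SESSIONS = {
    "s-visitor": {"user": "guest", "can_view_billing": False},
    "s-staff": {"user": "alice", "can_view_billing": True},
}
SIGNING_KEY = secrets.token_bytes(32)  # per-process key, never sent to clients


def billing_allowed_weak(form_body: str) -> bool:
    """Weak: the decision is read from a hidden field the browser sends back."""
    fields = parse_qs(form_body)
    return fields.get("billing_ok", ["0"])[0] == "1"  # hypothetical field name


def billing_allowed_hardened(form_body: str, session_id: str) -> bool:
    """Hardened: ignore any privilege in the form; consult server-side state."""
    record = SESSIONS.get(session_id)
    return bool(record and record["can_view_billing"])


def _tag(value: str) -> str:
    return hmac.new(SIGNING_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_tracking_field(value: str) -> str:
    """Tracking data can stay in a hidden field if the server can detect edits."""
    return f"{value}.{_tag(value)}"


def read_tracking_field(signed: str):
    """Return the tracked value if its tag verifies, otherwise None."""
    value, _, tag = signed.rpartition(".")
    ok = hmac.compare_digest(tag.encode(), _tag(value).encode())
    return value if ok else None


if __name__ == "__main__":
    edited = "page=/home&billing_ok=1"  # constructed: field changed on the client
    print("weak handler grants access:", billing_allowed_weak(edited))
    print("hardened handler grants access:",
          billing_allowed_hardened(edited, "s-visitor"))
    field = sign_tracking_field("/home")
    print("intact tracking field:", read_tracking_field(field))
    print("edited tracking field:",
          read_tracking_field(field.replace("/home", "/billing", 1)))
```

The integrity tag only shows that a field was not altered; it does not make a hidden field a substitute for the server-side access check.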