Author Topic: Rise of the Robots  (Read 2787 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Rise of the Robots
« on: March 22, 2006, 08:40:54 pm »
I recommend that everybody reads this article (mirror).  It was written by Michal Zalewski, who is an amazing individual. 

The short of it is, search engines can be used to attack sites.  Put a link to a random site and a vulnerability on it (for example, http://www.javaop.com/cgi-bin/vulnerable-script.pl?action=exploit), randomizing the domain name (or choosing from a list).  When a search engine sees the link, it attempts to go to it, attacking whatever site it points to. 

Pretty interesting, definitely worth a read. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Rise of the Robots
« Reply #1 on: March 29, 2006, 09:21:07 am »
Here's an article that talks about this exact problem:

http://www.thedailywtf.com/forums/65974/ShowPost.aspx
Quote
Things went pretty well for a few days after going live. But, on day
six, things went not-so-well: all of the content on the website had
completely vanished and all pages led to the default "please enter
content" page. Whoops.

Josh was called in to investigate and noticed that one particularly
troublesome external IP had gone in and deleted *all* of the content
on the system. The IP didn't belong to some overseas hacker bent on
destroying helpful government information. It resolved to
googlebot.com, Google's very own web crawling spider. Whoops.

After quite a bit of research (and scrambling around to find a
non-corrupt backup), Josh found the problem. A user copied and pasted
some content from one page to another, including an "edit" hyperlink
to edit the content on the page. Normally, this wouldn't be an issue,
since an outside user would need to enter a name and password. But,
the CMS authentication subsystem didn't take into account the
sophisticated hacking techniques of Google's spider. Whoops.

As it turns out, Google's spider doesn't use cookies, which means that
it can easily bypass a check for the "isLoggedOn" cookie to be
"false". It also doesn't pay attention to Javascript, which would
normally prompt and redirect users who are not logged on. It does,
however, follow every hyperlink on every page it finds, including
those with "Delete Page" in the title. Whoops.