iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Some questions about Hacking html based sites?
  • mandi
    Posts: 207
    As usual i got some questions on web-application hacking

    1) guys are simply creating some flash based html web-sites and hosting it on web-servers,i am interested in learning to hack those html sites,in general what kind of attacks (other than xss) will work on html based sites?

    2)From your experience can any you guys tell me,
    hacking a html site is harder or hacking a php or asp site is harder?

    3)I had seen some "cgi" (may be common gateway interface) is being used on some html sites,does using "cgi" in web-sites makes the html web-sites vulnerable? would like to know about how to hack the "cgi" ?

    4)Also which one is the most secured site,html based sites or php based sites?

    hope some one will clear my doubts :)
  • Sh3llc0d3
    Posts: 1,910
    Lol it had best not be my site :P. CGI is easy to hack based on your knowledge of CGI and how good the coder is who implemented the script/system. Even so, if you do manage to attack cgi you will only get so far if the web-server admin knows what he's doing. Not sure whether html is harder than php but php is much more common I'd say.
  • mandi
    Posts: 207 

    Lol it had best not be my site :P. CGI is easy to hack based on your knowledge of CGI and how good the coder is who implemented the script/system. Even so, if you do manage to attack cgi you will only get so far if the web-server admin knows what he's doing. Not sure whether html is harder than php but php is much more common I'd say.


    Definitely not you man,if possible can you pass me some links regarding learning how to hack "cgi" technology?
    yes php sites are common,but i heard BIG guys like FBI are using html sites for security ,don't know why ?

    Also can you suggest me some ways for hacking in to a html based site?
  • Sh3llc0d3
    Posts: 1,910
    For CGI hacking I think your main source of learning is to learn about CGI itself (as with exploiting any language). I code in perl-cgi and do various scripts, I can give you resources for learning to code in cgi but for the moment i'll pm you a link on hacking cgi. I suggest learning it or viewing source codes to understand what your looking at/for. The only example I can think of for the sort of things your looking for is a cgi script i'm working on at the moment which will be implemented into my site (therefore I don't want to show it just yet :P).
  • Xin
    Posts: 3,251
    You can't really compare them:
    HTML is client side, meaning it has no connection to the server to send/receive commands so the only attacks you can really do are things like XSS, XSRF that attack the client.

    As far as PHP and ASP goes its only as secure as the configuration, providing its patched and up to date. Most vulnerabilities in web apps tend to come wrong poor setup rather than hardcoded problems.

    This applies to CGI too.
    Xin
  • mandi
    Posts: 207
    So in simple web-application security dpeneds a lot on their configurations rather than the hard-coded bugs with them.

    can you please answer this questions from your experience
    assume there are 100 web-application hack attacks happened in the year 2010
    in that how many are done due to hard-coded web-application bugs and how many are done due to imprpopser configurations?

    just want to know the real life statistics from your experience.....
Add a Comment