CEH

(Jeff_L) #1

314 Chapter 13 ■ Web Servers and Web Applications


The source code of a page could reveal something like the following:

<form method="post" action="../../cgi-bin/formMail.pl">
<!--Regular FormMail options-->
<input type=hidden name="recipient" value="[email protected]">
<input type=hidden name="subject" value="Message from website visitor">
<input type=hidden name="required" value="Name,Email,Address1,City,State,Zip,Phone1">
<input type=hidden name="redirect" value="http://www.termina.com/received.htm">
<input type=hidden name="servername" value="https://payments.termina.com">
<input type=hidden name="env_report" value="REMOTE_HOST, HTTP_USER_AGENT">
<input type=hidden name="title" value="Form Results">
<input type=hidden name="return_link_url" value="http://www.someplace.com/main.html">
<input type=hidden name="return_link_title" value="Back to Main Page">
<input type=hidden name="missing_fields_redirect" value="http://www.termina.com/error.html">
<input type=hidden name="orderconfirmation" value="[email protected]">
<input type=hidden name="cc" value="[email protected]">
<input type=hidden name="bcc" value="[email protected]">
<!--Courtesy Reply Options-->

The code contains information that is useful to an attacker. Although the information
may not be completely actionable, it does give you something. Notice the e-mail addresses
and even what appears to be a payment processing server (payments.termina.com). This is
information that an attacker can use to target an attack.
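The kind of review the text describes can be scripted. The following is an added example (not code from the book): a small audit that parses a page's hidden form fields with the standard library and flags values that disclose e-mail addresses or hostnames other than the site itself, plus field names such as "recipient" or "redirect" that hand the client control over server behaviour. The sample form is constructed from the FormMail snippet above with placeholder addresses, and the field-name list is an assumption chosen for this example.

```python
"""Audit hidden form fields for information disclosure and client-controlled settings."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the FormMail form from the text, with placeholder e-mail addresses.
SAMPLE_FORM = """
<form method="post" action="../../cgi-bin/formMail.pl">
<input type=hidden name="recipient" value="orders@example-placeholder.com">
<input type=hidden name="subject" value="Message from website visitor">
<input type=hidden name="redirect" value="http://www.termina.com/received.htm">
<input type=hidden name="servername" value="https://payments.termina.com">
<input type=hidden name="cc" value="billing@example-placeholder.com">
<input type=hidden name="title" value="Form Results">
</form>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Assumed list of FormMail-style field names whose value, if supplied by the
# browser, decides where mail is sent or where the user is redirected.
CLIENT_CONTROLLED = {"recipient", "cc", "bcc", "redirect",
                     "return_link_url", "missing_fields_redirect"}


class HiddenFieldCollector(HTMLParser):
    """Collect (name, value) for every <input type=hidden> on the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden":
            self.fields.append((a.get("name", ""), a.get("value", "")))


def audit_hidden_fields(html, site_host):
    """Return (field, issue) findings for a page served from site_host."""
    parser = HiddenFieldCollector()
    parser.feed(html)
    findings = []
    for name, value in parser.fields:
        for addr in EMAIL_RE.findall(value):
            findings.append((name, f"discloses e-mail address {addr}"))
        for url in URL_RE.findall(value):
            host = (urlparse(url).hostname or "").lower()
            # Any host other than the serving site (e.g. a payments server) is worth noting.
            if host and host != site_host.lower():
                findings.append((name, f"discloses host {host}"))
        if name.lower() in CLIENT_CONTROLLED:
            findings.append((name, "value chosen by the client is trusted by the server"))
    return findings


if __name__ == "__main__":
    for field, issue in audit_hidden_fields(SAMPLE_FORM, "www.termina.com"):
        print(f"{field:24} {issue}")
```

Run against the sample, the audit reports the payments host from the servername field, the two placeholder addresses, and the recipient, cc and redirect fields as client-controlled; the subject and title fields produce no findings.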
The following is another example of a vulnerability in code that can be exploited:

<FORM ACTION="http://111.111.111.111/cgi-bin/order.pl" method="post">
<input type=hidden name="price" value="6000.00">
<input type=hidden name="prd_id" value="X190">
QUANTITY: <input type=text name="quant" size=3 maxlength=3 value=1>
</FORM>

In this example, the application designer has used hidden fields to hold the price of an
item. Unscrupulous attackers could change the price of the item from $6,000.00 to $60.00
and make their own discount.
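The fix on the server side is to treat the hidden price as untrusted input and look the price up from the product ID instead. The following is an added example (not code from the book) showing the vulnerable handler beside the hardened one for the order form above; the catalog, the field names and the function names are assumptions chosen to match that form.

```python
"""Order total: trusting the submitted price (vulnerable) vs. a server-side lookup."""
from decimal import Decimal, InvalidOperation

# Constructed server-side price list; the browser never gets to set these values.
CATALOG = {"X190": Decimal("6000.00")}

MAX_QUANTITY = 999  # matches the form's maxlength=3


class OrderError(ValueError):
    """Raised when a submitted order fails validation."""


def order_total_trusting_form(form):
    """Vulnerable: the total is computed from the price the browser submitted."""
    return Decimal(form["price"]) * int(form["quant"])


def _to_decimal(text):
    try:
        return Decimal(text)
    except InvalidOperation:
        return None


def order_total_server_side(form):
    """Hardened: price comes from CATALOG; the submitted price only serves as a tamper signal.

    Returns (total, tampered) where tampered is True when the client sent a price
    that disagrees with the catalog, which is worth logging and alerting on.
    """
    prd_id = form.get("prd_id", "")
    if prd_id not in CATALOG:
        raise OrderError(f"unknown product {prd_id!r}")
    try:
        quant = int(form.get("quant", ""))
    except ValueError:
        raise OrderError("quantity is not an integer")
    if not 1 <= quant <= MAX_QUANTITY:
        raise OrderError(f"quantity {quant} out of range")
    unit_price = CATALOG[prd_id]
    submitted = form.get("price")
    tampered = submitted is not None and _to_decimal(submitted) != unit_price
    return unit_price * quant, tampered


if __name__ == "__main__":
    # Constructed POST bodies: the form as served, and one with the price edited to $60.00.
    legit = {"price": "6000.00", "prd_id": "X190", "quant": "1"}
    edited = {"price": "60.00", "prd_id": "X190", "quant": "1"}
    print("trusting form, edited price:", order_total_trusting_form(edited))
    print("server-side lookup, edited price:", order_total_server_side(edited))
    print("server-side lookup, legit:", order_total_server_side(legit))
```

With the edited request the vulnerable handler charges $60.00, while the hardened handler charges the catalog price of $6,000.00 and reports the mismatch; it also rejects unknown product IDs and quantities outside 1..999, which the form's maxlength alone cannot enforce.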

Buffer Overflow
A common vulnerability in web servers, and all software, is buffer overflow. A buffer
overflow occurs when an application, process, or program attempts to put more data in a
buffer than it was designed to hold. In practice, buffers should hold only a specific amount
of data and no more. In the case of a buffer overflow, a programmer, either through
lazy coding or other practices, creates a buffer in code but does not put restrictions on
it. The data must go someplace, which in this case means adjacent buffers. When data