Hacking website with brute-force type attack on a local machine

I have already written about the danger to your website caused by insecurely stored back up files. However, it was a case when I was able to find FTP credentials used by Updraft backup WordPress plugin stored in the back up of the database. I think this is the most straightforward hacking technique ever and it doesn’t require specialised knowledge or software to perform the hack. But today I will tell you about the more sophisticated method.

So, let’s begin with the very first step of this hacking method. As I mentioned in the previous post, some Google dorks could lead you to websites with unprotected backup files due to the open directory listing. Trust me, there are hundreds if not thousands of such sites, and you can find them by applying various dorks since various WordPress backup plugins have different file naming scheme.

Insecure WordPress backup files

OK, now when you have a potential list of vulnerable websites, it’s time to pick up one and proceed with other steps. We are looking for sites with backups of the database which you can use on your local machine. Download the WordPress database file, and you’re ready to start the hack. Continue reading Hacking website with brute-force type attack on a local machine

phpMyAdmin CSRF vulnerability is dangerous but hard to exploit

phpMyAdmin cross-site request forgery (CSRF) vulnerability found by an Indian security researcher Ashutosh Barot caused a lot of noise. It’s evident that many website owners began a heated debate on this issue since phpMyAdmin is one of the most popular tools for managing MySQL databases. I find this discussion somewhat surprising because most speakers do not realize what kind of conditions needed to make it possible to exploit this vulnerability. My modest opinion is that this security issue is more dangerous theoretically than in practice. Let’s see why I think so.

phpMyAdmin CSRF vulnerability exploitation mechanism

Attacks on CSRF vulnerabilities are quite primitive. An attacker prepares specially crafted link with some parameters or commands. This link will make some unattended actions if clicked by the administrator or any logged user with sufficient rights of the targeted system. Ashutosh Barot published a short Youtube video which shows how he managed to drop one table from the database with a single click on the link. An attack is possible due to the unprotected GET request operation.

Continue reading phpMyAdmin CSRF vulnerability is dangerous but hard to exploit