iframe attack | HC Panel Community

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes

Mark Thread UnreadFlat Reading Mode ❐

Lockediframe attack

Author Post Essentials Only Full Version
nitaish Premium Member 2008/05/17 07:58:20 (permalink) iframe attack Hello, There is a bug discovered in IIS which is being exploited by hackers and they insert iframe tags in the websites as well as sql databases. The exploit has already infected over half a million websites around the world and I am sure a lot of our friends here might have faced the same in their servers. The exploit itself does not harm the server, but some of the iframe tags contain javascripts called from other websites which hogs the memory of the visitor's computer. In some cases, it also gathers important data from the user's computers. Microsoft is already working on the same. Once their investigation is completed, they will come out with a hotfix or a service pack. Well, my main concern was whether HC is securely coded to avoid this from getting attacked. The last thing we want is to find HC being attacked with the similar hacks. I would suggest HC to verify the application and make sure that it is safe from all such attacks. Issued in public interest. An ICANN Accredited Domain name Registrar - OwnRegistrar.com \| Shared Hosting \| Reseller hosting \| Dedicated server \| - QualiSpace.com Premium AntiSpam / AntiVirus gateway - SpamTermino.com Signup as a reseller and get domains only for $6.49 #1 9 Replies Related Threads
plateaultd Senior Member RE: iframe attack 2008/05/17 09:15:25 (permalink) HC - In this advisory from Microsoft http://www.microsoft.com/technet/security/advisory/951306.mspx They talk about changing the worker process id. WHen a site is created and a separate application pool created would it be possible for HC to set the WPI to the same ID as the anonymous access user name used by IIS? #2
gothamweb Starting Member RE: iframe attack 2008/05/19 05:03:01 (permalink) Nitaish, where are you seeing reports of actual exploits? All the bulletins I have seen for this dont seem to suggest that there is an active exploit - of course that doesnt mean it shouldnt be addressed but I was curious as to where the 1/2 million affected sites stats came from. Sal quote: Originally posted by nitaish [br]Hello, There is a bug discovered in IIS which is being exploited by hackers and they insert iframe tags in the websites as well as sql databases. The exploit has already infected over half a million websites around the world and I am sure a lot of our friends here might have faced the same in their servers. The exploit itself does not harm the server, but some of the iframe tags contain javascripts called from other websites which hogs the memory of the visitor's computer. In some cases, it also gathers important data from the user's computers. Microsoft is already working on the same. Once their investigation is completed, they will come out with a hotfix or a service pack. Well, my main concern was whether HC is securely coded to avoid this from getting attacked. The last thing we want is to find HC being attacked with the similar hacks. I would suggest HC to verify the application and make sure that it is safe from all such attacks. Issued in public interest. An ICANN Accredited Domain name Registrar - OwnRegistrar.com \| Shared Hosting \| Reseller hosting \| Dedicated server \| - QualiSpace.com Premium AntiSpam / AntiVirus gateway - SpamTermino.com Signup as a reseller and get domains only for $6.49 #3
gothamweb Starting Member RE: iframe attack 2008/05/19 05:11:30 (permalink) Nitaish, just to follow up as I didnt provide all the info. What I meant was is there an official link to see that the sql injection attemps are related to the vulnerability disclosed by MS? I ask this because fromwhat I have read, MS is denying that the issue is related: http://www.betanews.com/article/Microsoft_denies_a_link_between_IIS_and_SQL_injection_attacks/1209398818 Sal #4
nitaish Premium Member RE: iframe attack 2008/05/19 23:06:55 (permalink) Well, there cannot be smoke without fire. Though MS denies it is an exploit due to an unpatched vulnerability, what does the following sentence suggest? Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability. Still if we believe MS, then where on earth is the patch for this reported vulnerability? This was reported a month ago and still there is no patch for this vulnerability. This means we are still at risk. An ICANN Accredited Domain name Registrar - OwnRegistrar.com \| Shared Hosting \| Reseller hosting \| Dedicated server \| - QualiSpace.com Premium AntiSpam / AntiVirus gateway - SpamTermino.com Signup as a reseller and get domains only for $6.49 #5
HC Team Hosting Controller RE: iframe attack 2008/05/20 07:48:00 (permalink) This issue has nothing to do with HC as it is related to Microsoft itself. If you can tell us how to replicate this issue then we can check it. ________________________ HC Support Team support@hostingcontroller.com http://hostingcontroller.com +1-213-341-1419 #6
nextmill Senior Member RE: iframe attack 2008/05/20 15:26:18 (permalink) This problem has nothing to do with Microsoft, it has to do with poor coding practices in many applications used these days in ASP, PHP, and ASP.NET where the programmer didn't bother to do a 'validation' on the form submitted data before inserting it into an SQL query. Thus an attacker can craft say a POST to a form application like default.aspx used by Hosting Controller, and instead of using a username for the form field 'Username' they would craft their own SQL commands that either SELECT, UPDATE, or DELETE for example data from any of the tables within that database. Thus they could craft an sql query that goes thru each table, each field on that table and modifies it to say whatever they want. Now if HC checks the username submitted data to make sure it doesn't contact any of these SQL commands within it before using it for an SQL query then we are fine. If HC directly uses the submitted data in an sql query without doing any prevalidation then its only a matter of time that our SQL databases will get destroyed by these script kiddies..... #7
HC Team Hosting Controller RE: iframe attack 2008/05/21 08:09:45 (permalink) SQL injection can not be done incase of HC7 because we use different Store procedures and always validates data before its insertion in database. ________________________ HC Support Team support@hostingcontroller.com http://hostingcontroller.com +1-213-341-1419 #8
gothamweb Starting Member RE: iframe attack 2008/05/21 09:46:37 (permalink) what about hc6 quote: Originally posted by HC Support [br]SQL injection can not be done incase of HC7 because we use different Store procedures and always validates data before its insertion in database. ________________________ HC Support Team support@hostingcontroller.com http://hostingcontroller.com +1-213-341-1419 #9
HC Team Hosting Controller RE: iframe attack 2008/05/23 06:00:13 (permalink) Yes we have also handled SQL injection in HC6. ________________________ HC Support Team support@hostingcontroller.com http://hostingcontroller.com +1-213-341-1419 #10

Jump to: