I wouldn't really interpret this as a hack. Server logs are always full of obscure entries, whether it's from bots or network scanners or users accidentally typing in the middle of the URL from their browser. If it's possible to inject data into the URLs on your website and reap unwanted effects, just fix that, tighten the data validation in your code and you won't have to worry about entries like this.
I don't know of any recently discovered URL hacks that can compromise the server; most of them were patched over long ago. I say that, and yet I still see .htr attacks and file traversal attacks in my logs. I don't know why people even waste their time anymore. Might I suggest getting a security book from the 'Hacking Exposed' series; it is really superior to Hack Proofing ColdFusion. I didn't like that book at all. Just my 2 cents.

-Daniel Elmore

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ted Barker
Sent: Wednesday, September 15, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: Korean hack, ?

I found the following hack on our server logs. I have been using a new book on Cold Fusion hacking (Hack Proofing Cold Fusion) and making server side upgrades to security. Still have some more to do but found this interesting hack from Korea on my site logs.

Data hacking found on log files:

Ted Barker

ps: this is from our BBS area and looks to be grabbing the url.id from the data files rather than a direct access to the database on server. Any ideas?
-----------------

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+i-NavFourF) - http://cafe155.daum.net/_c21_/bbs_read?grpid=jGRx&fldid=DLY3&page=1&prev_page=0&firstbbsdepth=&lastbbsdepth=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz&contentval=0004Xzzzzzzzzzzzzzzzzzzzzzzzzz&datanum=281&head=%C7%D1%B1%B9%C0%FC%C0%EF&subj=%3Cb%3EF80%BD%B4%C6%C3%BD%BA%C5%B8%3C%2Fb%3E&nick=%C0%FE%C0%BA%B9%CC%BC%D2&id=gqTxCzVunXo0&smsnum=-1&smsvalid=0&count=5&day=20040914110321&datatype=9&selectyn=n&avatarcate=1&rowid=AAAA4zAATAAAal/AAs&edge=

2004-09-15 06:21:50 203.253.173.200 - mail.kwp.org GET /top_right.gif - 200 0 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+Win+9x+4.90) - http://cafe184.daum.net/_c21_/bbs_read?grpid=qz8e&fldid=8AA&page=1&prev_page=0&firstbbsdepth=&lastbbsdepth=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz&contentval=0000Mzzzzzzzzzzzzzzzzzzzzzzzzz&datanum=22&head=&subj=%C7%D1%B1%B9%C0%CE%BF%A1%B0%D4+%C0%D8%C7%F4%C1%F8+%C0%FC%C0%EF+6.25+%B1%D7%B7%AF%B3%AA+%B9%CC%B1%BA%C2%FC%C0%FC+%BF%EB%BB%E7%B5%E9%C0%C7+%B3%FA%B8%AE%BF%A1+%B1%ED%B0%D4+%B0%A2%C0%CE%B5%C7%BE%EE+%C0%D6%B4%C2+6.25&nick=%B1%E8%C1%D8%C8%A3&id=l54bx8X3woc0&smsnum=0&smsvalid=0&count=10&day=20040830084025&datatype=Z&selectyn=n&avatarcate=1&rowid=AAAAxhAASAAANalAAN&edge=

===============================================================
Ted Barker: PH: 214.320.0342
The Korean War Project (Online since 1/15/94)
http://www.koreanwar.org/ (Website since 2/15/95)
===============================================================

----------------------------------------------------------
To post, send email to [EMAIL PROTECTED]
To unsubscribe: http://www.dfwcfug.org/form_MemberUnsubscribe.cfm
To subscribe: http://www.dfwcfug.org/form_MemberRegistration.cfm
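
Added example, not part of the original thread or anyone's posted code: Python that splits an entry laid out like the complete one above into named fields, so the request itself (`GET /top_right.gif` with an empty query field) is read separately from the trailing URL field. The field names and order, the `cs(Referer)` label for the last field and the EUC-KR charset are assumptions inferred from the visible line; the sample line is constructed from the posted entries with a shortened query.

```python
from urllib.parse import urlsplit, parse_qsl

# ASSUMPTION: field order inferred from the one complete entry in the post;
# a real W3C extended log states it in its "#Fields:" header.
FIELDS = ["date", "time", "c-ip", "cs-username", "cs-host", "cs-method",
          "cs-uri-stem", "cs-uri-query", "sc-status", "sc-win32-status",
          "cs-version", "cs(User-Agent)", "cs(Cookie)", "cs(Referer)"]

# Constructed sample: modelled on the posted entries, trailing URL shortened.
SAMPLE = ("2004-09-15 06:21:50 203.253.173.200 - mail.kwp.org GET "
          "/top_right.gif - 200 0 HTTP/1.1 "
          "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+Win+9x+4.90) - "
          "http://cafe184.daum.net/_c21_/bbs_read?grpid=qz8e&datanum=22"
          "&head=%C7%D1%B1%B9%C0%FC%C0%EF&id=l54bx8X3woc0")


def parse_line(line):
    """Split one space-delimited entry into named fields ('-' means empty)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {k: (None if v == "-" else v) for k, v in zip(FIELDS, parts)}


def triage(entry, own_hosts, referer_charset="euc-kr"):
    """Separate what was requested from us from the page the browser came from."""
    ref = urlsplit(entry["cs(Referer)"] or "")
    # ASSUMPTION: the percent-encoded bytes are EUC-KR; undecodable bytes
    # are replaced rather than raising.
    params = dict(parse_qsl(ref.query, keep_blank_values=True,
                            encoding=referer_charset, errors="replace"))
    return {
        "requested": entry["cs-uri-stem"],
        "request_query": entry["cs-uri-query"],  # query sent to our server
        "status": int(entry["sc-status"]),
        "referer_host": ref.hostname,
        "referer_is_external": bool(ref.hostname) and ref.hostname not in own_hosts,
        "referer_params": params,  # parameters of the referring page's URL
    }


if __name__ == "__main__":
    result = triage(parse_line(SAMPLE), {"mail.kwp.org", "www.koreanwar.org"})
    for key, value in result.items():
        print(f"{key}: {value}")
```

Requests whose own query field is non-empty are the ones to check against the application's input validation.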
