What is a vulnerability exactly?
Let's find out! In order to better help educate you about the sorts of vulnerabilities one could find and how they could be abused we've gone through the effort to set you up a live environment example! This is an example on how vulnerabilities are found. Though replicated to seem vulnerable, there is no actual vulnerability here. This is only a simulation to help you better understand the sorts of vulnerabilities encountered in real life situations.
Understanding the vulnerability
Look at the url above used to access this page. Looks kind of funny doesn't it? Let's break it up.
[http://configitnow.com/] [example] [?page=example]
The first part we see is the domain name, this was used to access the site. The second part is the page we are accessing, example.php. Now in this page, a PHP file is setup to store the data into a variable, named "page". This is essentially user input, we as a user are inputting data into a variable to execute some sort of function. The developer of the site is guiding us as to what we should input.....
Input like this must be validated, meaning the developer needs to control what sort of data can be be stored in that variable. In this situation though, we've found ourselves with a bit of a lazy developer, allowing us to pick what we can store inside that variable, and exploit it. In this scenario, the developer has allowed us to include the page we are viewing, the "example" page (see below).
[?page=example]
Now, let's see what else we can store in this variable. Generally, many websites have configuration files stored in their document web roots. Assuming we are accessing this example page from the webroot, we could try typing in the name of a password config file, in this case "config", to see if the include displays the file for us. Let's open a new page and type in the new link with our new variable input.
[?page=config]
The full link:
http://configitnow.com/example?page=config
Take this a step further. Instead of simply trying to include a configuration file from the webroot, let's see if we can include the actual user accounts file from the server! Let's take our variable from before, and instead of storing "config" into it let's store "/etc/passwd", as this is where a user file is typically located.
[?page=/etc/passwd]
The full link:
http://configitnow.com/example?page=/etc/passwd
See anything revealing? Vulnerabilities like these are what let malicious hackers break into websites and steal all sorts of sensitive information. Don't be another victim, contact us now so we can secure your network and ConfigITnow!