Analysing website exploits and how to counter them?

0
votes

Whenever I see exploit attempts on websites I manage I always try to find out what they were attempting to do. Some are obvious such as "../../passwordfile" in a URL request where they're hoping to exploit direct file access and move up the directories.

Others can usually be Googled but some are not so obvious such as "'DJAclT<'">WMpAyg" or ".(,."),,'(" which I can't seem to find any useful search results.

Can anyone recommend a website where I can learn more and how to counter these attacks? Free scanning sites/tools such as Wapiti would be good too.

It would also be useful if someone could tell me what "'DJAclT<'">WMpAyg" or ".(,."),,'(" was trying to do. Looks like a regex injection attempt, but I'm unsure.

Edit: Sites use a LAMP stack.

1
securityxssexploit
Could you provide us with a little bit of information about your website such as what it runs on? For example. a .NET Core site will handle this much better than a PHP site will. A bit of background might help us narrow down how to counter these attacks - Horkrine

1 Answers

1
votes

The best defense is to simply know how to handle these sorts of attacks. You can read more about what XSS is, as well as learn the different types. One of the best resources I can recommend is OWASP's XSS prevention cheat sheet which will teach you how to avoid this particular attack.

Also, I don't know if those last particular characters you've asked about affect another system you may be using, but they just seem to be test inputs so that the attacker can see the output / how it's stored, whether it allows the < or >, or the " character, or it changes all characters to uppercase or lowercase etc. It's just a test input to see if you're vulnerable, I'd say.

Hope this helps