WebApp Sec mailing list archives
Deface a web site
From: "Leung, Annie LDB:EX" <annie.leung () bcliquorstores com>
Date: Mon, 6 Dec 2004 15:18:22 -0800
Hi list members, The scenario is that a web site is running in a Windows 2000 machine with Oracle web/application server environment (Apache-based), J2EE, HTML. The web application is deployed by logged in using the administrator account (cloned from the original). That implies the web application runs with admin privileges, right? Database and authentication details are in other servers. Q1: What are the risks for a web application running with admin privileges? Q2: In this scenario, is it easier or no difference when trying to deface a web site? Is it really depending on how the pages are coded? Any input would be appreciated. Thanks in advance. Annie EDP Auditor
Current thread:
- Deface a web site Leung, Annie LDB:EX (Dec 08)
- Re: Deface a web site Rafael San Miguel Carrasco (Dec 14)