Bypass Client Side Validation on a Website. Getting Admin.

A quick video showing why you need both server side and client side input validation. Here we bypass the client side validation by running the browser through the Burp Suite proxy, intercepting the login request and replacing our valid credentials with a simple SQL injection payload, which logs us in as admin. The client side checks never see the attacker's input, because Burp edits the request after the browser has built it; only checks on the server (and, for SQL injection specifically, parameterised queries instead of SQL built from strings) would stop this attack. This method gets us admin in less than a minute, leaving us free to do whatever we want. Here we write a blog entry, however we could obviously do a lot more with admin access to the website.

This is a very basic demo to keep it simple, however it clearly shows the principles behind this type of attack. Filtering dangerous characters in the browser is not enough; you must perform server side checks as well, because anything the browser does can be undone by the person sitting in front of it or by a proxy sitting between the browser and your server.
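The attack in the video, reduced to code. This is an added example and not the site or the code from the video: a constructed SQLite users table, a function that mimics what a browser side filter strips out, a login query built from strings (the vulnerable server), and the same login done with server side validation plus a parameterised query (the fixed server). The table contents, the payload `admin' --` and the username allowlist are assumptions for the demo.

```python
import re
import sqlite3


# Constructed demo database, not the site from the video: one admin account
# and one ordinary user. Passwords are stored in clear text only to keep the
# demo short; a real site stores a salted password hash.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    db.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")],
    )
    return db


def client_side_filter(value):
    """What a typical JavaScript filter in the login form does: strip quotes,
    dashes and semicolons. It only runs if the attacker lets it run; with
    Burp the request is edited after the browser has built it, so the
    server receives the unfiltered payload."""
    return re.sub(r"['\"\-;]", "", value)


def vulnerable_login(db, username, password):
    """Server code that trusts the browser: the query is built by string
    formatting, so a username of  admin' --  closes the string literal and
    comments out the password check entirely."""
    query = (
        "SELECT username, role FROM users WHERE username = '%s' "
        "AND password = '%s'" % (username, password)
    )
    return db.execute(query).fetchone()


# Assumed allowlist for what a username may look like on this demo site.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def valid_username(username):
    """Server side validation: quotes, spaces and comment markers are
    rejected before they get anywhere near the database."""
    return USERNAME_RE.fullmatch(username) is not None


def hardened_login(db, username, password):
    """Validates on the server, then uses a parameterised query. The
    parameterisation alone defeats SQL injection; the validation is defence
    in depth and also throws out junk before it reaches the database."""
    if not valid_username(username):
        return None
    return db.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"
    # The browser side filter neuters the payload, but only if it runs.
    print("filtered payload, vulnerable server:",
          vulnerable_login(db, client_side_filter(payload), "x"))
    # Sent straight to the server via Burp, the same payload logs in as admin.
    print("raw payload, vulnerable server:", vulnerable_login(db, payload, "x"))
    # With server side validation and a parameterised query it fails.
    print("raw payload, hardened server:", hardened_login(db, payload, "x"))
    print("real credentials, hardened server:",
          hardened_login(db, "admin", "S3cret!"))
```

Run it and the second line prints the admin row while the first and third print None: the filter only protects you when the browser runs it, and the server never gets to choose whether the browser did.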

How to check your own server and website. (QGR)

If you have been following the previous QGR's and the past few posts, we have shown how to install LEMP on Ubuntu and carried out some basic hardening of the OS.

We can verify this internally by checking versions on the server, but how do we get the external view and see what an attacker would see? Again, this does not need to be expensive. Let's dive in and look at some great, freely available tools.

Below is a list of free resources we are going to use in this guide.

Nmap free network scanner download

https://nmap.org/

Immuniweb free website scanner

https://www.immuniweb.com/websec

Free web security headers report

https://securityheaders.com/

Free WordPress website scanner

https://wpsec.com

OK, now you have all the links, let’s get started.

nmap

nmap is a free network scanner, and we can use it to verify that our firewall is set correctly and that the exposed services are running up-to-date versions. Run it from a machine outside your own network, otherwise you are not seeing what an attacker sees, and only scan hosts you own or have permission to test. Let's fire it up and scan our site.

nmap info.2code-monte.co.uk

This performs a basic scan of our web server covering the 1000 most common TCP ports (we will cover more advanced scanning in a later post). The results are shown below.

This shows that, as expected, our server has only 3 ports exposed to the internet. Now let's check the versions of the services on those ports by adding the “-sV” flag.

nmap -sV info.2code-monte.co.uk

We can now see the versions. A quick google shows we are on the latest versions, so we can move on. One caveat: “-sV” reads the version from the service banner, and Ubuntu (like most distributions) backports security fixes without changing the upstream version number, so a banner that looks old is not proof of a vulnerable service. Compare the banner against the distribution's security notices and the package version installed on the server, not just the latest upstream release number.

If you want to scan all 65535 TCP ports, add the “-p” flag and a port range as below (“-p-” is the usual shorthand for 1-65535; a full port scan takes a lot longer than the default).

nmap -p 0-65535 info.2code-monte.co.uk
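As an added example, not from the original post: once a scan is saved in nmap's grepable format (the real “-oG” flag, e.g. `nmap -sV -oG scan.gnmap host`), a few lines of Python turn “as expected, only 3 ports” into a check you can re-run after every firewall change. The scan output below is a constructed sample with a made-up hostname, IP address and version strings; the allowlist of expected ports is an assumption for a typical LEMP box.

```python
import sys

# Constructed sample of nmap grepable output (nmap -sV -oG scan.gnmap host).
# Hostname, IP address and version strings are made up for this example.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.80 scan initiated as: nmap -sV -oG scan.gnmap www.example.com",
    "Host: 203.0.113.10 (www.example.com)\tStatus: Up",
    "Host: 203.0.113.10 (www.example.com)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, "
    "80/open/tcp//http//nginx 1.18.0 (Ubuntu)/, "
    "443/open/tcp//ssl|http//nginx 1.18.0 (Ubuntu)/, "
    "3306/open/tcp//mysql//MySQL 8.0.30-0ubuntu0.20.04.2/, "
    "8080/closed/tcp//http-proxy///"
    "\tIgnored State: filtered (995)",
    "# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds",
])

# Assumption: what the firewall should leave open on a LEMP box, i.e. SSH
# and the two web ports. Anything else that is open is a hole to explain.
ALLOWED_PORTS = {22, 80, 443}


def parse_gnmap(text):
    """Return one dict per port entry found on the 'Ports:' lines.

    Grepable output separates fields with tabs and port entries with ', ';
    each entry is port/state/protocol/owner/service/rpcinfo/version/.
    This parser assumes version strings contain no ', ' of their own."""
    ports = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7:
                    continue  # not a well-formed port entry
                ports.append({
                    "port": int(parts[0]),
                    "state": parts[1],
                    "proto": parts[2],
                    "service": parts[4],
                    "version": parts[6],
                })
    return ports


def unexpected_open_ports(ports, allowed):
    """Open TCP ports that are not on the allowlist, sorted."""
    return sorted(
        p["port"] for p in ports
        if p["state"] == "open" and p["proto"] == "tcp"
        and p["port"] not in allowed
    )


if __name__ == "__main__":
    # Pass the path of a real .gnmap file, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    found = parse_gnmap(text)
    for p in found:
        if p["state"] == "open":
            print(f"{p['port']:>5}/{p['proto']}  {p['service']:<10} {p['version']}")
    holes = unexpected_open_ports(found, ALLOWED_PORTS)
    print("unexpected open ports:", holes if holes else "none")
```

With the sample data the script lists the four open services and flags 3306, because a database listening on the internet is exactly the kind of thing a firewall on a LEMP box should be blocking. Save the script next to your scans and rerun it whenever you change the firewall rules.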

immuniweb scan

Right, let's go to immuniweb's site and use the free web scanner to scan our site by selecting “Community Edition” and “Website Security Test”.

After around 10 minutes you will get a report as shown below.

This report will provide remediation advice if any issues are found, so have a good read through. We will come back to these reports in later posts to show best practice configuration and other tips.

Security Headers

Security headers are important for website security, not only for your site but also for anyone who visits it: they tell the visitor's browser how to treat your content, for example to only ever connect over HTTPS or not to allow your pages to be framed by another site. Browse to the Security Headers website and start a scan. As before, after a short while you will receive a report for your site as shown below.

This site also has some great resources to help you understand what each finding means and how to remediate any issues. As with the other tests, we will come back to these in the next post.

WordPress Security

If you are using WordPress and making use of themes and plugins, it is vital that you keep everything up to date. That means the version of WordPress itself, the current live theme, and all plugins you have installed, including ones you have deactivated, since their files are still on the server.

Luckily there are free tools for this as well, so let's head over to the wpsec website and launch the scan.

Simply pop in your website URL, tick the box and off we go.

If there are any issues it will tell you on this page, and you can sign up for a free account to receive a more in-depth report.