Basic Assignments
|
Options & Settings
|
Main Time Information
|
Notes:
|
Backend access: FTP & uploads & SQL – quick & dirty

On FTP
- Check for payee id
- Request FTP or SQL
- Require a password
- Limit to
  o Select, insert, update, alter table
- Choose between dump or normal response
- Browse
- Destination
- Success message

On 11/29/11 dealing with a backend or backdoor:

In talking with my mom, two sisters, and my wife: We came up with the following:
1. Track a full hidden history including full path and file name for uploads, full SQL for SQL statements, IP address, date/time stamps, payee id, mode/type, and corp id
2. Make it non-inviting
3. Maybe add some booby traps
4. Don’t leave a key under the floor mat
5. Don’t call it a back door
6. No windows
7. Low profile – don’t beat a path to it
8. Don’t talk about it
|