Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!
URL manipulation is a common issue faced in all database driven sites such as job boards, resume databases, blogs or any other site where parameters are passed via the URL. By manipulating certain parts of a URL, users may be able to access files they are not supposed to have access to.
URL manipulation, also called
URL rewriting, is the process of altering parameters in a URL.
In this example below, the website stores data files on the server with a parameter "resumeid". If the script is not written correctly, we can edit the number and return another resume we may or may not have access to
URL/clientdata.aspx?resumeid=233Change the "233" to another numeric number, easy!
URL/clientdata.aspx?resumeid=545If the programmer has not anticipated this possibility, the user may potentially obtain data legitimately. This manipulation is not limited to numbers, you can try letters or special characters. See previous blog post on
HTML Special Character #39 - The Apostrophe To secure your website against URL manipulation, you should check on the following
- Make sure the server accurately interprets dynamic pages
- Delete unnecessary script interpreters
- Prevent HTTP viewing of HTTPS accessible pages. Make sure the server - Protects access to directories containing sensitive data
- Delete unnecessary configuration options
Article URL: http://www.recruitmentdirectory.com.au/Blog/how-secure-is-your-recruitment-website-part-2-url-manipulation-a199.html
Article Tags: insecure job board recruitment website hacking security url manipulation url hacking url rewriting 
Hide Comments (0)
Back to Menu
