Article Preview
Top1. Introduction
Software security issues began to appear in 1970s. The first spam was identified in 1978, a massive cyber identity theft occurred in 1984, while the first known computer virus appeared in 1987. During the 1980s, many international banks were attacked by hackers. In 1995, the United States Department of Computer Security was attacked by hackers 250,000 times. In 1996, hackers attacked the US Department of Justice, the Central Intelligence Agency, and the National Aeronautics and Space Administration. Microsoft was also a victim of service denial attacks in 2001. In 2006, Turkish hackers attacked approximately 22,000 websites, and in 2008, Chinese hackers penetrated sensitive websites around the world, including the Pentagon. Since 2009, the Conficker computer worm has infect millions of computers on a global scale (Banerjee & Pandey, 2009). Exact estimates are difficult to ascertain as newer versions of the virus use different propagation and update strategies. These events occurred due to software vulnerabilities. Web-based applications are more sensitive because many organizations use remote networks on the Internet to access their data; these applications are susceptible to cyber-attacks. (Daud, 2010).
Firewalls and other security tools are designed to prevent cyber-attacks at the network level, but most attacks occur in the application level where security depends on software codes, web servers and databases. Security vulnerability occurs when attackers are able to exploit software weaknesses that result in violations of privacy, integrity and availability. Web-based applications are typically utilized by government, financial, and health agencies and their corresponding websites. According to a report by a consortium of application security firms, 49% of applications have serious vulnerabilities (Chaudhari & Vaidya, 2014). Therefore, it is essential that software makers become familiar with the various types of vulnerabilities. After software has been created, security tests are typically conducted in order to combat known vulnerabilities. However, if a software maker is unaware of a particular threat, the system is susceptible to attack. In section 1.1, we present known web vulnerabilities. In section 2, we describe a concept of a Content Management System (CMS) and introduce popular CMSs, then we introduce remote installation vulnerability and shows how attacker can find vulnerable websites and how they can attack them. Section 3 present simple patching solution for RIV and finally, section 4 shows risk of RIV in CMSs.
1.1. Known Security Vulnerabilities
Considerable research has been conducted on the diagnosis and treatment of cyber security susceptibilities. This includes the detection and resolution of SQL injection vulnerabilities (Natarajan & Subramani, 2012; Chung et al., 2012; Jang & Choi, 2014) and the susceptibility of XSS (Salas & Martins, 2014; ÐURIC, 2014; Scholte, et al., 2012). Some studies have focused on denial of service attacks and introduced ways to address them (Ali et al., 2014; Khattab et al., 2006; Shamshirband, et al., 2014). Some researchers have analyzed so-called brute force attacks and methods of retrofitting against them (Cho et al., 2011; Cho et al., 2012; Rashwan et al., 2011; Laccetti & Schmid, 2007). Numerous studies have also focused on vulnerabilities that have given rise to DNS hijacking attacks (Brahmasani & Sivasankar, 2013; Shulman & Waidner, 2014), cross site request forgery (Siddiqui & Verma, 2011; Jovanovic, Kirda & Kruegel, 2006; Shahriar & Zulkernine, 2010; Zeng, 2013; Feil & Nyffenegger, 2008), misconfiguration (Saeed & Elgabar, 2014; Steinke, Tundreab & Kellya, 2011), content spoofing (Jitpukdebodin, Chokngamwong & Kungpisdan, 2014; Chavan & Meshram, 2013), local file inclusion (Ami & Malav, 2013), phishing attacks (Dadkhah, Lyashenko & Jazi, 2015; Nyeste & Mayhorn, 2012), and remote file inclusion (Robledo, 2008; Srivastava, 2012). However, there are no studies on the vulnerability of remote installation on what we will term remote installation vulnerability (RIV). While such attacks are related to misconfiguration, because of the frequency of this type of vulnerability in content management systems, we will address it as a separate security issue. Attacker use Dorks to identify vulnerable websites. Dorks are phrases that are entered into search engines and they will generate a list of websites with specific vulnerabilities. Each vulnerability has its specific dork, so we introduce special Dorks for RIV in this paper.