Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

How secure is your Recruitment website? Part 2 - URL Manipulation

Posted By: Thomas Shaw, 1:20pm Saturday 06 June 2009    Print Article

URL manipulation is a common issue faced in all database driven sites such as job boards, resume databases, blogs or any other site where parameters are passed via the URL. By manipulating certain parts of a URL, users may be able to access files they are not supposed to have access to.

URL manipulation, also called URL rewriting, is the process of altering parameters in a URL.

In this example below, the website stores data files on the server with a parameter "resumeid". If the script is not written correctly, we can edit the number and return another resume we may or may not have access to

URL/clientdata.aspx?resumeid=233

Change the "233" to another numeric number, easy!

URL/clientdata.aspx?resumeid=545

If the programmer has not anticipated this possibility, the user may potentially obtain data legitimately. This manipulation is not limited to numbers, you can try letters or special characters. See previous blog post on HTML Special Character #39 - The Apostrophe

To secure your website against URL manipulation, you should check on the following
  • Make sure the server accurately interprets dynamic pages
  • Delete unnecessary script interpreters
  • Prevent HTTP viewing of HTTPS accessible pages. Make sure the server - Protects access to directories containing sensitive data
  • Delete unnecessary configuration options



Article URL: http://www.recruitmentdirectory.com.au/Blog/how-secure-is-your-recruitment-website-part-2-url-manipulation-a199.html

Article Tags: insecure job board recruitment website hacking security url manipulation url hacking url rewriting

Comments Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Brand Identity Guidelines
Published: 9:00pm Thursday 21 May 2009

TradeMe Jobs API
Published: 11:20am Monday 29 November 2010

The difference between a Video Interview and Video Resume
Published: 2:06pm Monday 12 January 2009

Job Board Statistics - February 2010
Published: 4:12pm Wednesday 03 March 2010

Facebook Advertising - Part 2
Published: 1:58pm Saturday 03 January 2009