VisiCom Services Blog

VisiCom Services has been serving the Rochester Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

URL Manipulation and What to Do About It

URL Manipulation and What to Do About It

Most people know what a URL is. It’s the address of a website, typically starting with http:// or https://, and it is essentially the location of a web page or application that can be accessed through a web browser or application. Nowadays, URLs are being manipulated by actors for both positive and negative means. Let’s take a look at URL manipulation and how it could affect you.

The URL

Before we get into the manipulation of the URL, let’s define its parts. 

The first part of the URL is called the protocol, which tells the computing network which language is being used to communicate on said network. Most of the time, the URL will use the protocol “HTTP”. The HyperText Transfer Protocol makes it possible to exchange web pages. Other protocols that are used include File Transfer Protocol, News, and Mailto. 

The second part of the URL is the ID and password, which makes it possible to access secure servers on the network. This part is typically removed because the password will be visible and transfer unencrypted over the computer network.

The third part of the URL is the server name. It allows users to access information stored on specific servers whether through a domain or the IP address associated with the server. 

The fourth part of the URL is the port number. This number is associated with a service and tells the server what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80.

Finally, the fifth, and last, part of the URL is the path. The path gives direct access to the resources found tied to the IP (or domain).

Manipulating the URL

By manipulating parts of the URL, a hacker can gain access to web pages found on servers that they wouldn’t normally have access to. Most users will visit a website and then use the links provided by the website. This will get them to where they need to go without much problem, but it creates their own perimeters.

When a hacker wants to test the site for vulnerabilities, he’ll start by manually modifying the parameters to try different values. If the web designer hasn’t anticipated this behavior, a hacker could potentially obtain access to a typically-protected part of the website. This trial and error method, where a hacker tests directories and file extensions randomly to find important information can be automated, allowing hackers to get through whole websites in seconds. 

With this method they can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply.

What You Can Do?

Securing your server against URL attacks is important. You need to ensure that all of your software is updated with the latest threat definitions, and keeping a detailed configuration will keep users in their lanes, even those who know all the tricks. 

The IT experts at VisiCom Services can help you keep your business’ IT infrastructure from working against you. Call us today at 248.299.0300 for more information about how to maintain your organization’s network security.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Tuesday, 19 November 2019
If you'd like to register, please fill in the username, password and name fields.

Sign Up For Our Newsletter

Powered by ChronoForms - ChronoEngine.com

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Tip of the Week: Tip of the Week: Mirror or Cast Your Android Device’s Screen
14 September 2017
Usually I don't refer spending time like these categories subjects and website but really the blog w...
Tip of the Week: 4 Google Chromecast Features that May Surprise You
05 September 2017
I’m really satisfied to find this site.I need to thank you only for this brilliant read!!I unquestio...
Microsoft OneNote May Be the Best Note-Taking Tool on the Market
27 June 2017
I blog frequently and I really value your substance. The article has really crested my advantage. I ...

Latest Blog Entry

18 November 2019
Visicom Blog
Security
A lot of computing is done today using cloud computing - basically, making use of the computing power, space, and applications that a provider has on their infrastructure as if they were your own. Doi...

Latest News

Contact Us

Learn more about what VisiCom Services can do for your business.

callphone

Call us today    248.299.0300

2534 S Rochester Road
Rochester Hills, Michigan 48307

#