Aniar IT Services Blog

URL Manipulation and What to Do About It

Most people know what a URL is. It’s the address of a website, typically starting with http:// or https://, and it is essentially the location of a web page or application that can be accessed through a web browser or application. Nowadays, URLs are being manipulated by actors for both positive and negative ends. Let’s take a look at URL manipulation and how it could affect you.

The URL

Before we get into the manipulation of the URL, let’s define its parts. 

The first part of the URL is called the protocol, which tells the computing network which language is being used to communicate on said network. Most of the time, the URL will use the protocol “HTTP”. The HyperText Transfer Protocol makes it possible to exchange web pages. Other protocols that are used include File Transfer Protocol, News, and Mailto. 

The second part of the URL is the ID and password, which makes it possible to access secure servers on the network. This part is typically removed because the password will be visible and will be transferred unencrypted over the computer network.

The third part of the URL is the server name. It allows users to access information stored on specific servers whether through a domain or the IP address associated with the server. 

The fourth part of the URL is the port number. This number is associated with a service and tells the server what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80.

Finally, the fifth, and last, part of the URL is the path. The path gives direct access to the resources tied to the IP address (or domain).

Manipulating the URL

By manipulating parts of the URL, a hacker can gain access to web pages on servers that they wouldn’t normally have access to. Most users will visit a website and then use the links provided by the website. This will get them to where they need to go without much problem, but it also keeps them inside the perimeter those links define.

When a hacker wants to test the site for vulnerabilities, they’ll start by manually modifying the parameters to try different values. If the web designer hasn’t anticipated this behavior, a hacker could potentially obtain access to a typically-protected part of the website. This trial and error method, where a hacker tests directories and file extensions randomly to find important information, can be automated, allowing hackers to get through whole websites in seconds.

With this method they can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 
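Automated trial and error of this kind leaves a recognisable trace in the web server's access log: one client requesting many different paths that do not exist, in a very short time. The following detection sketch is an added example, not part of the original article; the log lines are constructed, and the window and threshold values are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: client, timestamp, request line, status code.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def find_enumerators(lines, window=timedelta(seconds=10), threshold=5):
    """Return clients that requested at least `threshold` distinct missing
    (404) paths within any sliding window of the given length."""
    misses = defaultdict(list)                 # client -> [(time, path), ...]
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(5) != "404":
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        misses[m.group(1)].append((ts, m.group(4)))
    flagged = set()
    for client, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= threshold:
                flagged.add(client)
                break
    return sorted(flagged)

# Constructed log lines (addresses are from reserved documentation ranges).
SAMPLE_LOG = [
    f'203.0.113.7 - - [04/Jun/2020:10:00:0{i} +0000] "GET /{p}/ HTTP/1.1" 404 153'
    for i, p in enumerate(["admin", "backup", "old", "test", "tmp", "private"])
] + [
    '198.51.100.4 - - [04/Jun/2020:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.4 - - [04/Jun/2020:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```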

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories with ease.
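What makes a server vulnerable to directory traversal is joining the URL path to the web root without checking where the result ends up. The following added example (not code from the original article; the function names and the throwaway directory tree are constructed) puts that vulnerable join beside a hardened version that decodes and canonicalises the path, then refuses anything that lands outside the web root.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

def resolve_unsafe(web_root, url_path):
    """Vulnerable: joins the URL path to the web root with no checks."""
    return os.path.normpath(os.path.join(web_root, unquote(url_path).lstrip("/")))

def resolve_safe(web_root, url_path):
    """Hardened: canonicalise, then require the result to stay under web_root.
    Returns the resolved Path, or None if the request escapes the root."""
    root = Path(web_root).resolve()
    decoded = unquote(url_path)          # decode %xx before checking
    if "\x00" in decoded:                # reject embedded NUL bytes
        return None
    candidate = (root / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root)      # raises if candidate is outside root
    except ValueError:
        return None
    return candidate

def demo():
    """Build a throwaway tree and compare both resolvers (constructed data).
    Maps each request to (unsafe reached the private file, safe allowed it)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "www"
        root.mkdir()
        (root / "index.html").write_text("public")
        (base / "secret.txt").write_text("private")   # outside the web root
        results = {}
        for req in ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt"]:
            unsafe = Path(resolve_unsafe(str(root), req))
            safe = resolve_safe(str(root), req)
            results[req] = (unsafe == base / "secret.txt", safe is not None)
        return results

if __name__ == "__main__":
    for request, outcome in demo().items():
        print(request, outcome)
```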

What Can You Do?

Securing your server against URL attacks is important. You need to ensure that all of your software is updated with the latest threat definitions, and keeping a detailed configuration will keep users in their lanes, even those who know all the tricks. 

The IT experts at Aniar IT Services can help you keep your business’ IT infrastructure from working against you. Call us today at 094 90 48200 for more information about how to maintain your organization’s network security.

Thursday, June 04 2020
