
FRS Pros Blog

Why is URL Manipulation a Security Concern?

If you’ve spent any time using a computer, you probably know what a URL is: the address of a website. It typically starts with “http://” or “https://” and tells the Internet browser where the user would like to go. A URL can also be turned into a threat when someone manipulates it. Today, we’ll take you through this threat.


Before we get into the manipulation of the URL, let’s define its parts. 

At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you’ll see include File Transfer Protocol (FTP), News, and Mailto.

The next part is the ID and password. Since most people don’t want their login credentials exposed, they leave this information out of the URL. Safety first. 

The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server.

The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You’ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80.

The final part of the URL is the path. The path gives direct access to the resources tied to the IP address (or domain).

Manipulating the URL

When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means, that is, by using the links provided on the website, hackers can sometimes find vulnerabilities through a trial-and-error approach.

By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn’t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files. 
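From the defender's side, automated trial and error leaves a recognizable trace in the web server's access log: one client asking for many different paths that do not exist or are forbidden. The following is an added example, not code from the original article; the log lines are constructed, and the thresholds `min_misses` and `min_ratio` are assumed values to tune for your own traffic.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2019:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2019:13:55:04 +0000] "GET /contact.html HTTP/1.1" 200 2210
198.51.100.7 - - [10/Oct/2019:13:55:09 +0000] "GET /old-page.html HTTP/1.1" 404 312
203.0.113.9 - - [10/Oct/2019:13:56:00 +0000] "GET /admin/ HTTP/1.1" 404 312
203.0.113.9 - - [10/Oct/2019:13:56:00 +0000] "GET /backup/ HTTP/1.1" 404 312
203.0.113.9 - - [10/Oct/2019:13:56:01 +0000] "GET /test.php HTTP/1.1" 404 312
203.0.113.9 - - [10/Oct/2019:13:56:01 +0000] "GET /private/ HTTP/1.1" 403 298
203.0.113.9 - - [10/Oct/2019:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

# client, request target and status code from one Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')


def find_probing_clients(log_text, min_misses=4, min_ratio=0.5):
    """Return {client: sorted distinct paths} for clients that look like they
    are guessing URLs: many distinct 403/404 paths and a high miss ratio."""
    total = defaultdict(int)
    misses = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # ignore lines that are not in the expected format
        client, target, status = match.groups()
        total[client] += 1
        if status in ("403", "404"):
            # Count each path once; the query string is not part of the path.
            misses[client].add(target.split("?", 1)[0])
    return {
        client: sorted(paths)
        for client, paths in misses.items()
        if len(paths) >= min_misses and len(paths) / total[client] >= min_ratio
    }


if __name__ == "__main__":
    for client, paths in find_probing_clients(SAMPLE_LOG).items():
        print(client, "requested", len(paths), "missing or forbidden paths:", paths)
```

A visitor who follows one stale link (the first client in the sample) stays below both thresholds and is not flagged.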

Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers can move through directories with ease.
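A server avoids this by resolving the path from the URL against its web root and refusing anything that ends up outside it. The following is an added example, not code from the original article; `resolve_request`, the `www.example.com` URLs and the temporary web root are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_request(url, web_root):
    """Map the path of `url` to a file under `web_root`.

    Returns the absolute file path, or None when the path would leave web_root.
    """
    # Decode percent-escapes first so "%2e%2e" is checked as "..".
    path = unquote(urlsplit(url).path)
    if "\x00" in path:
        return None  # NUL bytes have no place in a file path
    root = os.path.realpath(web_root)
    # Strip leading slashes: os.path.join() discards `root` when the second
    # argument is absolute, which would turn "//etc/passwd" into /etc/passwd.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # realpath() has collapsed ".." and followed symlinks, so a containment
    # check on the result is now meaningful.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Run constructed URLs against a throwaway web root."""
    root = tempfile.mkdtemp()
    urls = [
        "http://www.example.com/docs/index.html",           # normal request
        "http://www.example.com/docs/../index.html",        # ".." that stays inside
        "http://www.example.com/../../etc/passwd",          # climbs out of the root
        "http://www.example.com/%2e%2e/%2e%2e/etc/passwd",  # same, percent-encoded
    ]
    return [(u, resolve_request(u, root) is not None) for u in urls]


if __name__ == "__main__":
    for url, allowed in demo():
        print("ALLOW" if allowed else "DENY ", url)
```

The check runs on the decoded, fully resolved path, so an encoded ".." or a symlink that points outside the web root is refused along with the plain "../" form.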

What Can You Do?

By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data. 

The IT experts at FRS Pros can help you keep your business’ IT infrastructure from working against you. Call us today at 561-795-2000 for more information about how to maintain your organization’s network security.
