1.3 Application Attacks Flashcards
This type of attack involves gaining higher-level access to a system by exploiting a vulnerability or design flaw.
Privilege Escalation
This type of attack is the most common attack carried out on web pages. Involves the injection of javascripts into a webpage in order to carry out malicious scripts, capture entered information, or display messages.
Cross Site Scripting (XSS)
This type of XSS attack involves scripts running as input, which then get returned to the user and executed on the victim machine. Can also be a URL hyperlink in an email that runs the script when the victim click the link in the email.
Non-persisten (reflected)
This XSS attack type is kept stored in a database or web server, allowing a script to be ran against every user who accesses the targeted webpage. There is no specific target involved.
Persistent (stored)
This type of attack is often the result of bad programming by not handling input/output correctly. Involves an attacker inserting their own information into a data stream.
Injection attacks
This type of injection attack focuses on modifying the requests going into a relational database in order to perform malicious queries.
SQL Injection
These two injection types will modify data transfer and storage requests, and manipulate the results of directory access requests.
XML and LDAP Injection
This type of injection attack involves the manipulation of dynamic-link library code that can unintentionally run programs or applications.
DLL Injection
This type of attack involves overwriting the memory buffer in order to cause data to spill over into other memory areas. Can cause DoS and allow a system to be compromised. Complex exploit that can be repeatable.
Buffer Overflow
This type of attack involves capturing useful information from network traffic and then send the data back out across the network in order to appear as the person they captured the info from.
Replay Attack
This type of replay attack involves an attacker capturing a password hash being transported over the network and then passes it on to the server as its own request in order to gain authentication.
Pass the hash
This happens when an attacker uses headers, browser cookies, or any captured network traffic in order to take over the target’s trusted session with a website.
Session Hijacking
This type of request forgery is often known as a one-click attack and takes advantage of the inheirent trust between the website and your browser. Often sent as a hyperlink in an email with the request in it that runs when clicked.
Cross site request forgery (XSRF)
This type of forgery eliminates the need for a client and allows an attacker to perform requests to a web server on behalf of the attacker. Often caused by bad programming practices.
Server Side Request Forgery (SSRF)
This type of attack utilizes the trust between your OS and your PC hardware.
Driver Manipulation
