3.5 Attacks & exploits: Application attacks Flashcards
Directory Traversals: what is a Directory Traversal attack and what information can you retrieve with it?
▪ Allows access to files, directories, or commands that may or may not be connected to the web document root directory
▪ In a directory traversal, an attacker tries to navigate upwards and out of the web document root directory
▪ Directory traversals may be used to access any file on a system with the right permissions
▪ Attackers may try to use %2E%2E%2F instead of ../
Directory Traversals: what is a File Inclusion attack and what are the different types of file inclusion that exist (2)?
▪ Allows an attacker to download a file from an arbitrary location or upload an executable or script file to open a backdoor
▪ Remote File Inclusion: Executes a script to inject a remote file into the web app or the website
▪ Local File Inclusion: Adds a file to the web app or website that already exists on the hosting server
Cross-Site Scripting (XSS): what is XSS attack?
▪ Injects a malicious script into a trusted site to compromise the site’s visitors
▪ Cross-site scripting (XSS) is a powerful input validation exploit
▪ XSS breaks the browser’s security and trust model
Cross-Site Scripting (XSS): explain the steps an attacker follows to perform this attack (4)
● Attacker identifies input validation vulnerability within a trusted website
● Attacker crafts a URL to perform code injection against the trusted website
● The trusted site returns a page containing the malicious code injected
● Malicious code runs in the client’s browser with the same permission level as the trusted site
Cross-Site Scripting (XSS): what are the 2 types of XSS attack?
● Non-Persistent XSS: Happens once
● Persistent XSS: Embedded code
Cross-Site Scripting (XSS): what is Document Object Model (DOM) XSS?
▪ Exploits the client’s web browser using client-side scripts to modify the content and layout of the web page
▪ DOM XSS runs with the logged-in user’s privileges on the local system
Cross-Site Request Forgery (CSRF): what is Session Management for?
Enables web applications to uniquely identify a user across several different actions and requests
Cross-Site Request Forgery (CSRF): what is a Cookie for and what are the different types of cookies that exist (2)?
Text file used to store information about a user when they visit a website. Cookie types:
● Non-Persistent Cookie (Session Cookie): Resides in memory
● Persistent Cookie: Stored in browser cache
Cross-Site Request Forgery (CSRF): explain the Session Hijacking attack and the vectors that can be used to perform it (2)
The attacker disconnects a host and then replaces it with their own machine by spoofing the original host’s IP address. Vectors for this attack:
● Session cookie theft
● Non-random tokens
Cross-Site Request Forgery (CSRF): explain the Session Prediction attack
▪ Predicts a session token to hijack the session
▪ Session tokens must be generated using a non-predictable algorithm and must not reveal any info about the session’s client
Cross-Site Request Forgery (CSRF): explain the CSRF attack
Exploits a session that was started on another site and within the same web browser
Cross-Site Request Forgery (CSRF): how can CSRF attacks be prevented (3)?
● Ensure user-specific tokens are used in all form submissions
● Add randomness and prompt for additional information for password resets
● Require users to enter their current password when changing it
SQL Injections: list the most common SQL commands (4) and explain them
SELECT = Read
INSERT = Write
DELETE = Remove
UPDATE = Overwrite
SQL Injections: what is a code injection?
Inserts additional information or code through a data input form from a client to an application
SQL Injections: what is SQL injection and what vectors can be used to perform it (5)?
Injects an SQL query through the input form a client uses to send data to a web application. Vectors for SQLi:
● URL parameters
● Form fields
● Cookies
● POST data
● HTTP headers