Section 28: Attacking Vulnerabilities

Question 1

File Inclusion

Answer 1

Allows an attacker to download a file from an arbitrary location or upload an executable or script file to open a backdoor

● Remote File Inclusion
o Executes a script to inject a remote file into the web app or the website

● Local File Inclusion
o Adds a file to the web app or website that already exists on the hosting server

Question 2

Cross-Site Scripting (XSS)

Answer 2

Cross-Site Scripting (XSS)
▪ Injects a malicious script into a trusted site to compromise the site’s
visitors

1. Attacker identifies input validation vulnerability within a trusted
   website
2. Attacker crafts a URL to perform code injection against the
   trusted website
3. The trusted site returns a page containing the malicious code
   injected
4. Malicious code runs in the client’s browser with permission level
   as the trusted site

Question 3

Session Management

Answer 3

Enables web applications to uniquely identify a user across several
different actions and requests

Question 3

Cookie

Answer 3

▪ Text file used to store information about a user when they visit a website

● Non-Persistent
o Reside in memory

● Persistent
o Stored in browser cache

Question 4

Session Hijacking

Answer 4

▪ Disconnects a host and then replaces it with his or her own machine by spoofing the original host IP address
● Session cookie theft
● Nonrandom tokens

Question 4

Session Prediction

Answer 4

Predicts a session token to hijack the session

Question 5

Cross-Site Request Forgery (CSRF)

Answer 5

▪ Exploits a session that was started on another site and within the same web browser

1. Ensure user-specific tokens are used in all form submissions
2. Add randomness and prompt for additional information for
   password resets
3. Require users to enter their current password when changing it

The Victim needs to have a session on a legitimate website(bank) and the malicious website on the same browser at the same time. The attacker can then send requests to the legitimate website through the browser.

Question 6

Extensible Markup Language (XML)

Answer 6

▪ Used by web apps for authentication, authorization, and other types of data exchange

Question 7

Lightweight Directory Access Protocol (LDAP)

Answer 7

▪ An open, vendor-neutral, industry standard application protocol for
accessing and maintaining distributed directory information services over an Internet Protocol network

Often used for authentication and storing information about users, groups, and applications.

Question 8

BGP

Answer 8

Bridge Gateway Protocol

An external gateway protocol that manages how packets are routed from network to network.