Attacks Flashcards
What are the 5 different injection attacks?
Cross-site request forgery (CSRF)
Cross-site scripting (XSS)
SQL injection
System command injection
Remote file inclusion
Cross-site Request Forgery (CSRF) attack
Attackers trick users into unintentionally executing actions on a web application where they are authenticated.
This can lead to unauthorized actions being performed on behalf of the victim without their knowledge or consent.
Takes advantage of the browser-target trust.
How to prevent CSRF
Double-submit cookie prevention = When a user visits a website, the site generates a value that it stores as a cookie on the user’s device, apart from the session identifier cookie.
Same-site cookie prevention = restricts the origins from which a cookie can be sent.
Cross-Site Scripting attack (XSS)
Attackers inject malicious scripts into websites, compromising the security and privacy of users.
Two-way attack → Allows for both sending and receiving.
What are the 3 types of XSS
Stored, Reflected & DOM based
Describe Stored XSS
More dangerous
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
The victim then retrieves the malicious script from the server when it requests the stored information.
Describe Reflected XSS
Reflected attacks are those where the injected script is reflected off the web server.
When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
The browser then executes the code because it came from a “trusted” server.
Describe DOM based XSS (shortly)
Happens on the client side without server interaction.
This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).
How to prevent XSS & CSRF
Sanitize the inputs from a header or another input field.
Or, for CSRF, when taking in a header input, look specifically for the characters needed to collect the page from the server and discard possible malicious code after that.
SQL injection
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application.
How to prevent SQL injection
Use parameterized prepared statements
Use code review, penetration testing & static analysis
Use input validation as secondary defense when using bind variables
Practice the principle of least privilege to limit the impact of SQL injections.
What are the differences between CSRF & XSS
CSRF:
- User trusts a badly implemented website
- Attacker injects a script into the trusted website
- User’s browser executes attacker’s script
XSS:
- A badly implemented website trusts the user
- Attacker tricks user’s browser into issuing requests
- Website executes attacker’s requests
System Command injection
“A cyber attack that involves executing arbitrary commands on a host operating system (OS)”
Remote file inclusion
Allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application.
The vulnerability occurs due to the use of user-supplied input without proper validation.
(The attack means that a person can execute their own script code on someone else’s server.)
Smash the stack attack
A cyberattack that causes a stack buffer overflow.
Can lead to:
Unauthorized access
Injecting malicious code into a running program
Can protect against with:
Use memory-safe languages (Rust, etc.)
Mitigation:
Address randomization
Non-executable memory
Stack canaries
IP Fragmentation Attack
An IP fragmentation attack uses IP fragmentation to disrupt services or disable devices, usually by sending datagrams that will be impossible to reassemble upon delivery.
This attack can be used to overwrite part of the TCP header information of the first fragment, which contained data that was allowed to pass through the firewall, with malicious data in subsequent fragments.
Can cause DOS.
Can be detected with:
Stateful inspection
Anomaly detection
Denial of Service (DOS) attack
An attack meant to shut down a machine or network, making it inaccessible to its intended users.
DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
For example, Black Friday sales, when thousands of users are clamoring for a bargain, often cause a denial of service. But they can also be malicious.
Return to libc attack
Usually starts with a buffer overflow in which a subroutine's return address on the call stack is replaced by the address of a subroutine that is already present in the process's executable memory.
The attacker does not need to inject their own code.
How does a CSRF attack work?
- Alice visits a benign site (keeps track of session cookie)
- Alice browses a site with malicious code embedded in the page source.
- The browser forwards the request to the benign site
- The benign site executes the request thinking it was from the user.
One-way attack → Allows only sending, not receiving.
What is an example of stored XSS
- Malicious code is injected in the server → code returns as part of responses to user requests.
- Alice requests a page from the server.
- Alice downloads the code.
- The attacker gets whatever.
What is an example of reflected XSS
- Attacker sends a malicious link to Alice.
- Alice clicks on the link.
- The server echoes the input back.
- Alice unknowingly requests a page.
- The attacker gets whatever.
What are the two forms of DOS attacks
DOS
Uses only a small number of attacking systems (possibly just one) to overload the target
DDOS
The attacker enlists the help of (many) thousands of Internet users to each generate a small number of requests which, added together, overload the target.