Chapter 9: Web Application Attacks

Question 1

Before beginning a Web Application Attacks, what four things should we enumerate?

Answer 1

1. Programming Language and Frameworks
2. Web server software
3. Database software
4. Server operating system

Question 2

Define Cross-site scripting (XSS).

Answer 2

Cross-Site Scripting allows attackers to inject client-side-scripts into pages viewed by other users.

Question 3

What enables XSS?

Answer 3

A lack of data sanitisation.

Question 4

What is data sanitisation?

Answer 4

A process in which user input is processed, removing or transforming all dangerous characters or
strings.

Question 5

Describe Stored XSS/Persistent XSS.

Answer 5

Occurs when a payload is stored in the web servers database or cached by the server. The web application then retrieves this payload and displays it to anyone that views the vulnerable webpage.

Question 6

Describe Reflected XSS.

Answer 6

Usually includes the payload in a crafted request or link. The web application then places this request in the page content. This attack only works when a person submits the request or views the link.

Question 7

Describe DOM-based XSS.

Answer 7

Similar to the other two, however it takes place inside the websites Document Object Model. A browser parses html content and generates an internal DOM representation. This attack occurs when the code underneath the webpage has been changed.

Question 8

How do we identify XSS vulnerabilities?

Answer 8

Potential entry points are input fields which accept unsanitized input and is displayed as output in subsequent pages.

Question 9

In terms of SQLi, what is a simple way to check for SQLi vulnerability?

Answer 9

Use ‘

It’s a string delimiter used in queries. If it’s vulnerable and hasn’t handled it correct, it will likely result in a database error.