Input Validation Testing Flashcards
Stored XSS
(AKA persistent or second-order XSS)
Occurs when a web application gathers malicious input from a user, and then stores that input for later use without correctly filtering the input.
The malicious data will appear to be part of the web site and run within the user’s browser under the user’s privileges.
Example:
- Submitting a script tag into a text input field.
Reflected XSS
Occurs when an attacker injects browser executable code within a single HTTP response.
The injected attack is not stored within the application; it is not persistent and only impacts users who open a maliciously crafted link or third-party web page.
The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.
SQL Injection
Occurs when an application uses user input to create SQL queries without proper input validation.
A successful SQL injection attack allows an unauthorized user to access or manipulate data in the database.
OS Command Injection
An attacker supplies operating system commands through a web interface in order to execute those commands on the web server.
User input needs to be sanitized for invalid characters.
A whitelist of allowable characters or commands should be used to validate the user input.
The web application and its components should run under strict permissions that do not allow OS command execution.
Code Injection
An attacker submits input that is processed by the web server as dynamic code or as an included file.
Unvalidated Redirects and Forwards
The ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system.
It arises due to insufficient validation or sanitization of inputs used to perform a redirect or forward.
May result in:
- Privilege escalation (in the case of a forward)
- Phishing attacks against users (in the case of redirects)
Unvalidated Redirects and Forwards
How can this be prevented?
Don’t use user parameters as the destination of a redirection or forward.
If parameters must be used, validate the supplied value and ensure it is authorized for the user.
Use mapping values rather than the actual URLs.