Section - 18 - Vulnerabilities and attacks Flashcards
What is an SQL injection attack?
It is an attack in which an attacker sends malicious SQL queries to SQL databases through website input forms or URL parameters.
It happens when the attacker sends these SQL queries and the server doesn’t validate or sanitize the input. It can lead to unauthorized access to sensitive data.
Example: “or ‘1’ = ‘1’” <- this is sent through a user_name/password page
What are URL parameters?
URL Parameters are used to filter and find information on webpages easily.
URL parameters start with “?” and have key/value pairs that might be separated by “&”.
What are 3 types of SQL injection attacks?
- In-band SQL injection attack - The attacker gets the output from the same interface from which the attack was initiated.
- Out-of-band SQL injection attack
- Inferential SQL injection attack - In this attack, the attacker doesn’t get a direct output but instead gets some information about the database that he can use to conduct his main attack.
What is an XML injection attack?
It is targeted at applications or XML parsers that process XML data.
These applications or XML parsers might get data from Web forms or other API interfaces that attackers can exploit if the input from these sources is not sanitized or validated.
In this attack, an attacker inserts a malicious XML script into the XML processing application.
What are 2 specific types of XML attacks that DION taught?
XML bomb attack (also known as Billion Laughs attack) - In this attack, the attacker exploits the way XML parsers process entity references in XML documents.
XML External Entity (XXE) - In this attack, the attacker exploits the way an XML parser handles external entity references in XML documents.
What is a cross-site scripting attack?
It is an attack in which a threat actor injects a malicious script, typically written in JavaScript, into web pages viewed by other users.
With this attack, an attacker can steal personal information from clients, hijack their sessions, or install malware on the client system.
What are different types of cross-site scripting attacks?
Reflected XSS - In this attack, the threat actor crafts a URL with a malicious script in it and somehow lures his victim into clicking on his link.
The web server that is vulnerable to these attacks will reply to the client with this malicious script in their response.
The client trusts the response from this trusted site and will run the malicious script.
Stored XSS attack
DOM-based XSS attack
What are Stored XSS attack and DOM-based XSS attack?
Stored XSS attack - In this attack, the threat actor injects the malicious script directly into the server, and when any client visits this infected site, they get infected too.
DOM-based XSS attack - DOM stands for Document Object Model. This XSS attack occurs on the client side.
In this attack, the threat actor injects some malicious code into the Document Object Model in the client’s browser.
From log data, how can we know if some attack is an XSS (Reflected or Stored) attack?
If the log data has some kind of “JavaScript” in it, that means it is a Reflected or Stored XSS attack.
From log data, how can we know if some attack is a DOM-based XSS attack?
In the log data, if we see something like [document.something], most likely it is a DOM XSS attack.
What is a cross-site request forgery (CSRF) attack?
In this attack, the threat actor tricks his victim into sending some malicious request (without the knowledge of the victim) to the trusted web server where the user is authenticated.
This request can be to update email address, reset password etc.
How does a cross-site request forgery attack work?
- The victim authenticates to a website and establishes the connection.
- The attacker crafts a malicious webpage or an email with a malicious link or form that, when clicked or submitted, sends the malicious request to the server.
- The attacker tricks the victim into clicking on the link.
- The trusted website runs this malicious request, assuming that it came from the right source.
What are cookies and what are their 2 types?
Cookies are just like text files that contain the user’s information about the web session with some web server.
There are 2 types of cookies:
- Non-persistent - These are also called session cookies. This cookie type only remains active while the client’s session is active with the web server, and this cookie type only stays in memory.
- Persistent cookie - These are stored in the browser cache until deleted or expired.
What is DOM?
DOM stands for Document Object Model.
It is a model that can represent different data structures like HTML and XML in tree-like structures.
DOM makes it easy to work with HTML and XML data.
What is a session prediction attack?
It is a type of spoofing attack in which an attacker attempts to predict the session token to hijack the session.
This attack is successful on those servers that use algorithms that do not create random session tokens for each connection request.