Web Application Attacks Flashcards
attacker injects a pointer in a web form to an exploit hosted elsewhere
File Injection
attacker gains shell access using Java or similar
Command Injection
)(&)
LDAP Injection
inject query strings in order to bypass authentication
Uses XML to format information
Messages are “one way” in nature
SOAP Injection
attempts to write data into application’s buffer area to overwrite adjacent memory, execute code or crash a system
Inputs more data than the buffer is allowed to hold
Includes stack, heap, NOP sleds and more
Buffer Overflow
inputting JavaScript into a web form that alters what the page does
executes a malicious script in your browser
XSS (Cross-site scripting)
forces an end user to execute unwanted actions on an app they’re already authenticated on
sends a malicious request on your behalf.
Cross-Site Request Forgery (CSRF)
attacker logs into a legitimate site and pulls a session ID; sends link with session ID to victim. Once victim logs in, attacker can now log in and run with user’s credentials
similar to CSRF
Session Fixation
injecting SQL commands into input fields to produce output
input “' OR 1 = 1 --” into a login field
SQL Injection
uses same communication channel to perform attack
Usually works when the data pulled can fit into the data exported (where data goes to a web table)
Best for using UNION queries
In-band SQL injection
uses different communication channels (e.g. export results to file on web server)
Out-of-band SQL injection
error messages and screen returns don’t occur; usually have to guess whether the command worked or use timing to know
Blind/inferential SQL Injection
adds header response data to an input field so server splits the response
Can be used to redirect a user to a malicious site
Is not an attack in and of itself - must be combined with another attack
HTTP Response Splitting