Web-Based Hacking: Servers and Applications Flashcards
What is Unicode?
Unicode is a standard for the consistent encoding and representation of text. It matters here because of the dot-dot-slash (directory traversal) attack, which is also described as a Unicode or unvalidated input attack: a server that checks a requested path before it has fully decoded it, or that accepts non-standard Unicode or percent-encoded forms of "../", can be walked out of its web root by a request that encodes the dot-dot-slash sequence so the filter does not recognise it. Unvalidated input means the server has not been configured to accept only the specific input it expects in the request (an HTTP GET, for example), so an attacker can craft the request to reach files outside the web root, to invoke a command shell, to try administrative access passwords, and so on.
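An added example (not from the card or the book it summarises) of why the path check has to run after full decoding. It assumes a document root of /var/www/html and constructs five request paths: a legitimate one and four traversal attempts using a literal "../", percent encoding, double percent encoding, and an overlong UTF-8 encoding of "/". The naive filter looks for a literal "../" and passes every encoded variant; the canonicalising check decodes first, resolves the path, and confirms it still lies under the root.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Assumed document root for this example; any absolute path would do.
WEB_ROOT = "/var/www/html"


def naive_check(raw_path):
    """The weak filter: rejects a literal '../' before any decoding."""
    return "../" not in raw_path


def lenient_utf8(data):
    """Decode bytes the permissive way a lax server might, accepting overlong
    two-byte forms such as C0 AF (which becomes '/'). A strict decoder would
    reject those, but the check must be at least as permissive as whatever
    later opens the file, or the file opener sees a path the check never did."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")  # anything else: replacement character
            i += 1
    return "".join(out)


def decode_fully(raw_path):
    """Percent-decode until the result stops changing (defeats %252e double
    encoding), then apply the lenient UTF-8 decode."""
    cur = raw_path.encode("utf-8")
    while True:
        nxt = unquote_to_bytes(cur)
        if nxt == cur:
            break
        cur = nxt
    return lenient_utf8(cur)


def is_safe_path(raw_path):
    """Canonicalise first, then check the resolved target stays under WEB_ROOT."""
    decoded = decode_fully(raw_path).replace("\\", "/")
    target = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    return target == WEB_ROOT or target.startswith(WEB_ROOT + "/")


# Constructed requests: one legitimate, the rest traversal attempts in
# encodings that a literal "../" filter does not see.
SAMPLE_PATHS = {
    "plain":    "/images/logo.png",
    "literal":  "/../../../etc/passwd",
    "percent":  "/..%2f..%2f..%2fetc/passwd",
    "double":   "/..%252f..%252f..%252fetc/passwd",
    "overlong": "/..%c0%af..%c0%af..%c0%afetc/passwd",
}


def evaluate(paths=SAMPLE_PATHS):
    """Return {name: (naive_verdict, canonical_verdict)}; True means allowed."""
    return {name: (naive_check(p), is_safe_path(p)) for name, p in paths.items()}


if __name__ == "__main__":
    for name, (naive, canon) in evaluate().items():
        print(f"{name:9s} naive={'allow' if naive else 'block'} "
              f"canonical={'allow' if canon else 'block'}")
```

The three encoded variants are allowed by the naive filter and blocked by the canonical check; only the plain path is allowed by both.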
What are the types of buffer overflow attacks?
• Stack Each function call pushes a frame onto the stack holding its local variables, the saved frame pointer and the return address, and frames are unwound in order as calls return. If you overflow a buffer stored on the stack, you can overwrite the return address (or a nearby function pointer or variable) and redirect execution to code of your choosing.
• Heap Also referred to as a heap overflow, this attack targets memory the application allocates dynamically at runtime rather than on the stack. Because heap memory holds program data and the allocator's own bookkeeping, overflowing one allocation can overwrite function pointers or other objects in the allocations next to it.
• NOP sled Strictly a payload technique used with either of the above rather than a third kind of overflow. NOP is the machine's no-operation instruction (0x90 on x86). The attacker fills the buffer with a long run of NOPs and appends the command code at the end, so the hijacked return address only has to land somewhere in the run: execution slides down the sled into the shellcode. Because this pattern is so common, most IDSs carry signatures for it. For example, check out the code capture shown in Figure 6-3; the NOP sled should be easy to spot!
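An added example (not from the card or the book) of the IDS check the NOP sled card refers to, and of its limits. It scans a byte string for the longest run of sled bytes and flags runs at or above a threshold. The three payloads are constructed for the example and the trailing "<shellcode>" bytes are a placeholder, not real shellcode. The second signature widens the byte set to the single-byte x86-32 inc/dec instructions 0x41-0x4F, which are a long-known way to build a sled that a pure 0x90 signature misses; the threshold is an assumption and has to stay high because those bytes are the printable letters 'A' to 'O'.

```python
# 0x90 is the canonical x86 NOP. 0x41-0x4F (inc/dec r32, the printable bytes
# 'A'-'O') are single-byte instructions that do no harm to a sled and evade a
# pure 0x90 signature (32-bit code only; in 64-bit mode they are REX prefixes).
X86_NOP = 0x90
NOP_EQUIVALENTS = frozenset({X86_NOP} | set(range(0x41, 0x50)))


def longest_run(data, allowed):
    """Length of the longest consecutive run of bytes drawn from `allowed`."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b in allowed else 0
        best = max(best, cur)
    return best


def looks_like_sled(data, threshold=32, allowed=frozenset({X86_NOP})):
    """Signature check: a run of at least `threshold` sled bytes.
    32 is an assumed threshold; ordinary text contains short runs of 'A'-'O'."""
    return longest_run(data, allowed) >= threshold


# Constructed payloads. FAKE_CODE stands in for shellcode; it is not shellcode.
FAKE_CODE = b"<shellcode>"
CLASSIC_SLED = bytes([X86_NOP]) * 200 + FAKE_CODE
EVASIVE_SLED = bytes(0x41 + (i % 15) for i in range(200)) + FAKE_CODE
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def classify(data):
    """Report which signature (if any) fires on `data`."""
    if looks_like_sled(data):
        return "0x90 sled"
    if looks_like_sled(data, allowed=NOP_EQUIVALENTS):
        return "nop-equivalent sled"
    return "clean"


if __name__ == "__main__":
    for name, payload in (("classic", CLASSIC_SLED), ("evasive", EVASIVE_SLED),
                          ("benign", BENIGN)):
        print(f"{name:8s} run={longest_run(payload, NOP_EQUIVALENTS):3d} -> {classify(payload)}")
```

The classic sled trips the plain 0x90 signature, the inc/dec sled trips only the widened one, and the HTTP request matches neither.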
What is the following URL an example of?
http://IPADDRESS/";!--"=&{()}
An XSS (cross-site scripting) attack, or more precisely a probe for one: the request packs quotes, a comment opener, an ampersand and braces into one parameter so that, if the server reflects it into the page without encoding, the attacker can see that script injection is possible.
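An added example (not from the card or the book) of what that probe string is for. It is constructed for the example with the card's string, quotes straightened, reflected by two page renderers: one that echoes the parameter verbatim and one that applies HTML output encoding. The check is the one the probe is built to answer: did the string come back byte for byte?

```python
import html

# The card's probe string with the quotes straightened (constructed for this
# example). Each character tests an escaping gap: quotes break out of an
# attribute, "--" closes an HTML comment, "&" tests entity handling, and the
# braces and parentheses are what script code needs.
PROBE = '";!--"=&{()}'


def render_vulnerable(query):
    """Reflects the parameter into the page verbatim: the XSS condition."""
    return f"<p>You searched for: {query}</p>"


def render_escaped(query):
    """Same page with HTML output encoding applied before reflection."""
    return f"<p>You searched for: {html.escape(query, quote=True)}</p>"


def reflected_verbatim(page, probe=PROBE):
    """The check the probe is designed for: did it come back byte for byte?"""
    return probe in page


def assess(render):
    """Run the probe through a page renderer and report the finding."""
    page = render(PROBE)
    if reflected_verbatim(page):
        return "reflected unencoded: likely XSS"
    return "encoded: probe neutralised"


if __name__ == "__main__":
    for renderer in (render_vulnerable, render_escaped):
        print(f"{renderer.__name__:18s} {assess(renderer)}")
        print("   ", renderer(PROBE))
```

With encoding applied the quotes come back as &quot; and the ampersand as &amp;, so nothing in the probe can terminate an attribute or open a comment.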
What is a SOAP injection attack?
SOAP injection is another related injection attack. Simple Object Access Protocol (SOAP) is designed to exchange structured information between web services over computer networks and uses XML to format the messages. In a SOAP injection the attacker supplies input that the client or service concatenates into the XML of a SOAP message without escaping, so the input can close or add elements and change the structure, and therefore the meaning, of the message the receiving service processes.
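An added example (not from the card or the book) of a SOAP request being altered by unescaped input. The envelope uses the SOAP 1.1 namespace; the GetBalance operation, its urn:example:bank namespace and the Account and Role elements are assumptions made up for the example, as is the attacker's input. The vulnerable builder concatenates the account name raw, so the input closes the Account element and adds a Role element the client was never meant to set; the hardened builder XML-escapes the value and the service sees it as plain text.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
APP_NS = "urn:example:bank"  # assumed application namespace for this example


def build_request(account, escaped):
    """Wrap an account name in a SOAP envelope. `escaped` chooses whether the
    value is XML-escaped (hardened) or concatenated raw (the injection point)."""
    value = escape(account) if escaped else account
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
        "<soap:Body>"
        f'<GetBalance xmlns="{APP_NS}">'
        f"<Account>{value}</Account>"
        "</GetBalance>"
        "</soap:Body>"
        "</soap:Envelope>"
    )


def parse_request(xml_text):
    """What the service sees: the first Account value and any Role elements."""
    root = ET.fromstring(xml_text)
    ns = {"soap": SOAP_NS, "b": APP_NS}
    op = root.find("soap:Body/b:GetBalance", ns)
    account = op.find("b:Account", ns).text
    roles = [r.text for r in op.findall("b:Role", ns)]
    return account, roles


# Constructed attacker input: closes Account, inserts a Role, reopens Account
# so the document stays well-formed.
PAYLOAD = "alice</Account><Role>admin</Role><Account>ignored"


def demo():
    """Parse the same input through both builders and return what the service saw."""
    return {
        "vulnerable": parse_request(build_request(PAYLOAD, escaped=False)),
        "hardened": parse_request(build_request(PAYLOAD, escaped=True)),
    }


if __name__ == "__main__":
    for variant, (account, roles) in demo().items():
        print(f"{variant:10s} account={account!r} roles={roles}")
```

The vulnerable variant yields account "alice" with a Role of "admin"; the hardened variant yields the whole payload as the account string and no Role at all.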
What do the terms mean: Union query, Tautology, Blind SQL injection, Error-based SQL injection
• Union query The attacker uses the UNION operator to append a SELECT of their own to the application's query, so rows from a table they choose (password hashes, for example) are returned alongside, or instead of, the rows the application meant to show.
• Tautology A tautology is a statement that is always true. Because user IDs and passwords are usually compared and the "true" result grants access, injecting a condition that is already true (1 does, indeed, equal 1, as in ' OR 1=1) makes the whole WHERE clause true and lets you sneak by.
• Blind SQL injection This occurs when the database is susceptible to injection but neither error messages nor query results come back to the attacker. Information is instead inferred from differences in the application's behaviour (a true/false difference in the page, or a deliberate time delay), typically one character at a time, so the attack takes many requests and is slow unless automated.
• Error-based SQL injection This isn't necessarily an attack so much as an enumeration technique. The objective is to purposely submit malformed statements so that the database responds with table names, column names and other details in its error messages.
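An added example (not from the card or the book) that runs all four techniques against one constructed SQLite database: a users table the login query is meant to read and an api_keys table it was never meant to expose. The table names, rows and payload strings are assumptions made for the example. login_vulnerable builds the query by string concatenation and is the injection point; login_safe is the same query with bound parameters, against which every payload fails. SQLite's error messages are terse compared with the database-specific ones error-based injection exploits elsewhere, so the error probe here shows only the confirmation step: the malformed input produces a database error, proving the input reaches the query.

```python
import sqlite3


def make_db():
    """Constructed sample database: a users table the app queries and an
    api_keys table it never intends to expose."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER, name TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2');
        CREATE TABLE api_keys(id INTEGER, secret TEXT);
        INSERT INTO api_keys VALUES (1, 'AKIA-EXAMPLE-KEY');
    """)
    return con


def login_vulnerable(con, user, pwd):
    """String-built query: the injection point."""
    sql = f"SELECT name FROM users WHERE name = '{user}' AND password = '{pwd}'"
    return [row[0] for row in con.execute(sql)]


def login_safe(con, user, pwd):
    """Parameterised query: input can never change the statement's structure."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (user, pwd))]


# Tautology: the injected condition is always true, so every row matches.
TAUTOLOGY_PWD = "' OR '1'='1"
# Union query: append a SELECT against a table of the attacker's choosing;
# the trailing -- comments out the rest of the original statement.
UNION_USER = "' UNION SELECT secret FROM api_keys--"
# Error-based: a deliberately malformed fragment to make the database complain.
ERROR_USER = "' bogus"


def error_probe(con, user):
    """Return the database's error text, or None if the query ran cleanly."""
    try:
        login_vulnerable(con, user, "x")
        return None
    except sqlite3.Error as exc:
        return str(exc)


def blind_extract(con, max_len=32):
    """Blind (boolean-based) extraction: no data or errors are shown, only
    whether the login matched; each request tests one character position."""
    charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            probe = f"alice' AND substr((SELECT secret FROM api_keys), {pos}, 1) = '{ch}'--"
            if login_vulnerable(con, probe, "x"):
                found += ch
                break
        else:
            break  # no candidate matched: past the end of the secret
    return found


if __name__ == "__main__":
    con = make_db()
    print("tautology  :", login_vulnerable(con, "alice", TAUTOLOGY_PWD))
    print("union      :", login_vulnerable(con, UNION_USER, "x"))
    print("error-based:", error_probe(con, ERROR_USER))
    print("blind      :", blind_extract(con))
    print("safe login :", login_safe(con, "alice", TAUTOLOGY_PWD),
          login_safe(con, UNION_USER, "x"))
```

The tautology returns both users, the union query returns the API key, the malformed input raises a syntax error, and the blind loop recovers the key with about three dozen requests per character; the parameterised login returns nothing for any of the payloads.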