Web Security Pt. 2 Flashcards
What is SQLi?
SQL Injection
What is SQLi caused by?
missing input validation and app-generates queries containing user-fed input
What info does user() retreive?
root@localhost
What info does database() retrieve?
‘nowasp’
What info does @@version retrieve?
‘5.7.19’
What info does @@hostname retrieve?
‘dbmachine’
What info does @@datadir retrieve?
‘/usr/local/var/mysql/’
When does In-band SQLi occur?
when we use the same channel to launch attacks and gather the results (error based, union based)
When does out-of-band SQLi occur?
when the attacker has to use different channel to gather their results
What does xp_cmdshell do?
allows the execution of commands
What does UTL_TCP do?
enables SQL to topen a communication channel with external TCP/IP-based servers using tcp/ip
What does XSS exploit?
the trust a user has for a website
What does CSRF exploit?
the trust of a website towards a user
What is cookie theft?
the attacker can access the victims cookies associated with the website using document.cookie
What is keylogging?
the attacker can track a keyboard using addEventListener and then send all of the users keystrokes to the attacker