WEB APPLICATION
ATTACKS
What is a Web Application?
Any application that is commonly served via the HTTP or HTTPS protocol.
It is usually served from a remote computer acting as a host/server.
Introduction
The vast majority of websites, including those considered most
business critical, are riddled with vulnerabilities.
Web applications are openly accessible on the web, thereby making
them more prone to hacking.
Web developers are often not well versed in security issues, so
the applications they build are prone to vulnerabilities.
Web applications run in the browser, so any security loophole in
the browser can lead to exploitation of a vulnerability in the web
application.
Technologies Involved
Typical Web Application Structure
Common Web Application Threats
Cross-Site Scripting (XSS)
SQL Injection
Parameter Tampering
Command Injection
Session Management
Cookie Poisoning
Directory Traversal
Cross-Site Request Forgery
Buffer Overflows
What is Cross-Site Scripting (XSS)?
XSS is a vulnerability present in websites or web applications that
allows malicious users (hackers) to insert their client-side code
(normally JavaScript) into those web pages. When this malicious
code is displayed along with the original web page in the web
client (browsers like IE, Mozilla etc.), it allows hackers to gain
greater access to that page.
Cross-Site Scripting (XSS) Attack
How XSS Works
The web server gets data from the web client (POST, GET etc.) with
the request, so a malicious user can include client-side code
snippets (JavaScript) in that data. For example:
<script>alert('this site has been hacked');</script>
Types of XSS attacks
Non-persistent
Persistent
DOM Based
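An added example (not from the slides) showing the defensive side of the XSS mechanism above: the slide's payload is reflected into a page once unencoded and once HTML-encoded with html.escape, so the browser renders it as text rather than executing it. The page template and function names are constructed for this example.

```python
import html

# Constructed sample: the payload from the slide, as it would arrive in a request parameter
XSS_PAYLOAD = "<script>alert('this site has been hacked');</script>"

# Hypothetical page template: the value is reflected in element text and in an attribute
PAGE_TEMPLATE = (
    "<html><body>"
    "<p>Hello, {name}</p>"
    '<input type="text" name="name" value="{name_attr}">'
    "</body></html>"
)


def render_vulnerable(name: str) -> str:
    """Reflects the request parameter into the page unchanged (the bug the slide describes)."""
    return PAGE_TEMPLATE.format(name=name, name_attr=name)


def render_encoded(name: str) -> str:
    """Encodes the parameter before it is reflected.

    html.escape with quote=True converts < > & " and ' to entities, so the
    browser shows the payload as text in both the element and the attribute
    context instead of executing it.
    """
    safe = html.escape(name, quote=True)
    return PAGE_TEMPLATE.format(name=safe, name_attr=safe)


def contains_live_script(page: str) -> bool:
    """Crude check for an unencoded script tag, usable in a unit test of the view."""
    return "<script" in page.lower()
```

Encoding has to match the output context: a value placed inside a JavaScript block or a URL needs a different encoder, which is why templating engines with auto-escaping are the usual fix.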
What is SQL Injection?
The ability to inject SQL commands into the database engine through
an existing application.
SQL Injection is a vulnerability which exists on the server side and
poses a risk to the database server of the application. It lets an attacker:
Gain access to restricted areas without proper credentials.
Insert/delete data in the database.
Steal private information.
SQL Injection attacking example 1
http://example.com/db.php?id=0
http://example.com/db.php?id=0;DELETE%20FROM%20users
<?php
// The id parameter is taken from the query string and placed in the SQL
// statement unchanged, so the user controls part of the query.
$id = $_GET['id'];
// With the second URL above: $id = "0;DELETE FROM users"
$result = mysql_query("SELECT * FROM users WHERE id={$id}");
?>
SQL Injection attacking example 2
<?php
// Username and password are interpolated straight into the query string.
$query = "SELECT * FROM users WHERE
    user='{$_POST['username']}' AND
    password='{$_POST['password']}'";
mysql_query($query);
// Example input:
//   $_POST['username'] = "bob";
//   $_POST['password'] = "' OR '1'='1";
echo $query;
?>
output:
SELECT * FROM users
WHERE user='bob' AND password='' OR '1'='1'
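An added example (not from the slides) that runs both slide examples against a constructed in-memory SQLite table: the login built by string interpolation accepts the tautology from example 2, while the parameterized version treats the same input as a plain string, and the example-1 id lookup is fixed by validating the parameter as an integer. Table contents and function names are constructed for this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the slides' MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT)")
    conn.execute("INSERT INTO users (user, password) VALUES ('bob', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """Builds the query by string interpolation, exactly like the PHP in example 2."""
    query = (f"SELECT * FROM users WHERE user='{username}' "
             f"AND password='{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Sends the SQL text and the values separately (a prepared statement).

    The engine parses only the fixed text; whatever the user typed is bound as
    a string value, so quotes and OR clauses inside it are never treated as SQL.
    """
    query = "SELECT * FROM users WHERE user=? AND password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


def user_by_id(conn, raw_id: str):
    """Example 1 fixed: the id is validated as an integer before it reaches the query."""
    return conn.execute("SELECT * FROM users WHERE id=?", (int(raw_id),)).fetchone()


def compare_logins(username: str, password: str):
    """Run the same credentials through both versions: (vulnerable, parameterized)."""
    conn = make_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))


def id_lookup_rejected(raw_id: str) -> bool:
    """True if the fixed example-1 lookup refuses the input as a non-integer."""
    try:
        user_by_id(make_db(), raw_id)
        return False
    except ValueError:
        return True
```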
Parameter Tampering
Parameter tampering is a sophisticated form of hacking that
creates a change in the Uniform Resource Locator, or URL,
associated with a web page.
Essentially, parameter tampering makes it possible for the hacker
to gain access to any information entered by an end user on an
affected web page, and redirect it to the hacker for unauthorized
use.
This type of hacking activity is often employed to gain access to
personal information such as credit card numbers, government
issued identification numbers, and other data that is of a
proprietary nature.
Parameter Tampering -Example
Command Injection
OS Commanding is an attack technique used for unauthorized
execution of operating system commands.
This attack is possible when an application accepts untrusted
input to build operating system commands in an insecure manner
involving improper data sanitization, and/or improper calling of
external programs.
In OS Commanding, the commands executed by an attacker run
with the same privileges as the component that executed the
command (e.g. database server, web application server, web
server, application). Since the commands are executed under the
privileges of the executing component, an attacker can leverage
this to gain access to or damage parts that are otherwise
unreachable (e.g. the operating system directories and files).
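An added example (not from the slides) contrasting the two ways of building an OS command from untrusted input described above: a command line string that a shell would parse, versus an allow-list check followed by an argument list handed to the OS with no shell in between. The ping wrapper, its allow-list and the helper names are constructed for this example.

```python
import ipaddress
import re
import subprocess

# Allow-list for a dotted hostname (RFC 1123 style labels); constructed for this example
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def is_valid_host(value: str) -> bool:
    """Accept an IP address or a plain hostname; anything else (including shell metacharacters) fails."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.match(value) is not None


def build_vulnerable_command(host: str) -> str:
    """The pattern the slide warns about: the parameter becomes part of a shell command line."""
    return f"ping -c 1 {host}"        # would be run via os.system / shell=True


def build_safe_argv(host: str):
    """Validate first, then pass the value as a single argv element."""
    if not is_valid_host(host):
        raise ValueError("host failed allow-list validation")
    return ["ping", "-c", "1", host]


def argv_rejected(host: str) -> bool:
    """True if build_safe_argv refuses the input."""
    try:
        build_safe_argv(host)
        return False
    except ValueError:
        return True


def run_ping(host: str) -> int:
    """Execute with an argument list: the OS receives argv directly, no shell parses it."""
    result = subprocess.run(build_safe_argv(host), shell=False,
                            capture_output=True, text=True, timeout=10)
    return result.returncode
```

Even without the allow-list, the argv form passes the whole value as one argument to ping, so the semicolon in the constructed input has no meaning to a shell; the allow-list is the second layer that also rejects it outright.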
Session Management
In human-computer interaction, session management is the
process of keeping track of a user's activity across sessions of
interaction with the computer system.
The HTTP/HTTPS protocol does not provide tracking of a user's session.
Session tracking answers the question:
◦ After a user authenticates, how does the server associate subsequent requests with
the authenticated user?
◦ Typically, web application vendors provide built-in session tracking, which is
good if used properly.
Session Management Attack Scenarios
Session Hijacking
Session Replay
Session Fixation
Session Tampering
Cookie Poisoning
Many web applications use cookies to save information
(user IDs, passwords, account numbers, time stamps,
etc.).
Cookie poisoning involves the modification of the contents of a
cookie (personal information stored on a web user's
computer) in order to bypass security mechanisms.
Cookie poisoning is in fact a parameter tampering
attack, where the parameters are stored in a cookie.
The goal is to gain unauthorized information about another user and
steal their identity.
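An added example (not from the slides) serving both the parameter tampering and cookie poisoning passages: the server signs the cookie payload with an HMAC so that a modified field (the "parameter stored in a cookie") fails verification. The key, the payload fields and the helper names are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Server-side key; generated here for the example, loaded from protected config in practice
SECRET_KEY = secrets.token_bytes(32)


def _encode(data: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()


def _decode(payload: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(payload))


def sign_cookie(data: dict) -> str:
    """Serialise the cookie payload and append an HMAC-SHA256 tag over it."""
    payload = _encode(data)
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_cookie(cookie: str):
    """Return the payload if the tag matches, otherwise None (modified or forged)."""
    try:
        payload, tag = cookie.rsplit(".", 1)
        expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):      # constant-time comparison
            return None
        return _decode(payload)
    except (ValueError, json.JSONDecodeError):          # malformed base64 or JSON
        return None


def tampered_copy(cookie: str, **changes) -> str:
    """Model the attack from the slide: edit a field in the payload but keep the old tag."""
    payload, tag = cookie.rsplit(".", 1)
    data = _decode(payload)
    data.update(changes)
    return f"{_encode(data)}.{tag}"
```

Signing stops modification, not reading: the values stay visible to whoever holds the cookie, so passwords and account numbers should not be placed there at all; an opaque session id with the data held server-side avoids the problem.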
Directory Traversal
A path traversal attack aims to access files and directories that
are stored outside the web root folder.
The attacker uses "../" sequences to move up toward the root directory,
thus permitting navigation through the file system.
The attacker needs to guess how many directories to climb in
order to reach the desired directory.
Attackers might view restricted files or execute powerful
commands on the web server, leading to a full compromise of the
web server.
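An added example (not from the slides) of the server-side check that defeats the "../" climbing described above: the requested path is resolved against the web root and rejected if the normalised result lies outside it, however many "../" sequences or percent-encoded variants the input contains. The web root path and function name are constructed for this example.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # constructed root for this example


def resolve_under_root(requested: str, root: str = WEB_ROOT):
    """Map a user-supplied path onto the web root, or return None if it escapes.

    The decision is made on the normalised absolute path, not by searching the
    input for "../", so nested, percent-encoded or absolute variants are all
    judged by where they actually end up.
    """
    decoded = unquote(requested)        # decode %2e%2e%2f once (skip if the framework already did)
    relative = decoded.lstrip("/")      # otherwise os.path.join would discard the root
    root_abs = os.path.abspath(root)
    candidate = os.path.abspath(os.path.join(root_abs, relative))
    # abspath collapses every ".."; commonpath (not startswith) avoids the
    # "/var/www/html2" prefix mistake
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate
```

On a deployed server use os.path.realpath in place of abspath so symbolic links inside the web root cannot point the resolved path back outside it.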
Cross-Site Request Forgery
Description
An attack that tricks the victim into loading a page that contains a malicious
request.
It performs a GET/POST request of the attacker's choice on behalf of the logged-in user.
The attacker can make the victim perform actions that they didn't intend to,
such as logout, purchase item, change account information, retrieve account
information, or any other function provided by the vulnerable website.
Also known as Session Riding, One-Click Attacks, Cross Site Reference
Forgery, Hostile Linking, and Automation Attack.
Affected Environments
All web application frameworks are vulnerable to CSRF.
CSRF Continued
[Diagram: Bob sends a legitimate login request to Bank.com and receives auth cookies; the site offers "View My Pictures" and "Transfer Money" actions.]
The hacker sends a malicious href tag to Bob:
<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
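An added example (not from the slides) of the synchronizer-token defence against the transfer.do scenario above: the server binds a random token to Bob's session and embeds it only in its own transfer form, so a request that carries Bob's cookie but not the token is refused. The session store, handler and helper names are constructed for this example.

```python
import hmac
import secrets

# Server-side session store, constructed for this example: session id -> session data
SESSIONS = {}


def login(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """The bank's own page embeds the token in a hidden field.

    A page on the attacker's origin can make the browser send Bob's cookies,
    but cannot read this form, so it cannot learn the token.
    """
    token = SESSIONS[sid]["csrf_token"]
    return ('<form method="POST" action="/transfer.do">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="acct"><input name="amount"></form>')


def handle_transfer(cookies: dict, form: dict) -> str:
    """Server side of transfer.do: the session cookie alone does not authorise the action."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(submitted, session["csrf_token"].encode()):
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form['amount']} to {form['acct']} for {session['user']}"


def simulate(include_token: bool) -> str:
    """Bob is logged in; a transfer request arrives with his cookie, with or without the token."""
    sid = login("bob")
    form = {"acct": "MARIA", "amount": "100000"}
    if include_token:
        form["csrf_token"] = SESSIONS[sid]["csrf_token"]
    return handle_transfer({"session": sid}, form)
```

The slide's link triggers the transfer with a plain GET, so the fix also means accepting state-changing actions only via POST; the SameSite cookie attribute adds a second, browser-enforced layer.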
Buffer Overflows
A buffer is storage space for data. A buffer overflow occurs
when the user input exceeds the maximum size of the
buffer, overwriting other areas of memory and
corrupting them.
It is a well-known vulnerability.
The attacker injects data containing shellcode into the allocated
stack area. By overwriting the return address, the attacker gets
the injected code to run.