Web Application Vulnerabilities
Presented by: Jordan Alexander Diaz Diaz
Exploits: XSS, SQLI, Buffer Overflow
These vulnerabilities continue to result in many active exploits. XSS (Cross Site Scripting) is comparable to XSRF (Cross Site Request Forgery); both are found in many web applications. SQLI (Structured Query Language Injection) exploits weaknesses in the interface between the web application controller and the data model. Buffer overflows are caused by providing more data to an input variable than the space allocated for it, overwriting memory elsewhere in the application in order to modify its behaviour.
Origin and Copyright
These notes are partly derived from Wikipedia entries, so as a derived work they are licensed under the GNU Free Documentation License. For further details see:
http://en.wikipedia.org/wiki/Wikipedia:Copyrights
http://en.wikipedia.org/wiki/Cross_site_scripting
http://en.wikipedia.org/wiki/Cross_Site_Request_Forgery
http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Buffer_overflow
Cross Site Scripting - XSS
A Cross Site Scripting (XSS) exploit concerns the ability of a website to run scripts, written in JavaScript, within the web browser. The browser is designed to sandbox such scripts, so they have restricted access to the computer running the browser. But the browser can only enforce low-level restrictions on what a script may do, e.g. the script is not allowed to access files on the host. If the attack works at a higher conceptual level of abstraction, e.g. by exploiting what the user of the web page believes about the origin of the information being presented, the lower level of logic at which the browser sandboxes website scripts will not be effective.
XSS - Example 1
How it was done
http://www.web.onpe.gob.pe/busquedaderesoluciones.php accepted the following query string and reflected it into its HTML source code, JavaScript included:
?c_tipo=1&c_texto=<script>alert(/XSS/);</script>
XSS - Example 2
XSS E.G.2 - Boarding the MPAA
How Pirate Bay boarded the MPAA
<form name="form" action="http://www.mpaa.org/thank_you.asp" method="post">
<!-- here we inject an iframe and an image from http://thepiratebay.org -->
<input name="txtfavoritemovie" type="hidden" size="18" maxlength="1175" value="<IMG src='http://static.thepiratebay.org/img/tpb.jpg'><BR><BR> <IFRAME width='100%' height='600px' src='http://thepiratebay.org/browse/200'>">
<input type="hidden" name="name" value="1">
<input type="submit">
</form>
Other method
"<IMG src='http://static.thepiratebay.org/img/tpb.jpg' />
The code above, or other code, is submitted inside a comment field of the web site:
XSS  - Mr Bean for Spanish President
Type 0: local or DOM-based XSS vulnerability
This occurs where an attacker writes HTML, including scripts, into a context that the web browser treats as being of local origin, allowing unprivileged access to local objects, e.g. a file on the local system.
XSS type 0 example
1. Mallory sends Alice (via email or another mechanism) the URL of a maliciously constructed web page.
2. Alice clicks on the link.
3. The malicious web page's JavaScript opens a vulnerable HTML page installed locally on Alice's computer.
4. The vulnerable HTML page is tricked into executing JavaScript in the computer's local zone.
5. Mallory's malicious script may now run commands with the privileges Alice holds on her own computer.
Type 1: non-persistent or reflected XSS vulnerability
This arises when an attacker (Mallory) succeeds in getting a victim (Alice) to click on a supplied URL, which is then submitted to another website (e.g. Bob's) that accepts HTML input. This can occur through a URL in an email to Alice sent by Mallory, pointing to the site owned by Bob.
XSS type 1 example slide 1
1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information.
2. Mallory observes that Bob's website contains a reflected XSS vulnerability.
3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, making it look as if it came from Bob (i.e. the email is spoofed).
XSS type 1 example slide 2
4. Alice visits the URL provided by Mallory while logged into Bob's website.
5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script steals sensitive information (authentication credentials, billing info, etc.) and sends it to Mallory's web server without Alice's knowledge.
Type 2: persistent XSS vulnerability
Here Mallory inserts HTML, including script, directly into Bob's website, which allows users to include HTML, e.g. where a social networking site lets users write an HTML profile. Alice, when looking at Mallory's profile or HTML message, will run the script in her web browser within Bob's domain context, so Alice's system will treat Mallory's script as if it came from Bob.
XSS type 2 example slide 1
1. Bob hosts a web site which allows users to post messages and other content to the site for later viewing by other members.
2. Mallory notices that Bob's website is vulnerable to a type 2 XSS attack.
3. Mallory posts a message, controversial in nature, which may encourage many other users of the site to view it.
XSS type 2 example slide 2
4. Upon merely viewing the posted message, site users' session cookies or other credentials could be taken and sent to Mallory's web server without their knowledge.
5. Later, Mallory logs in as other site users and posts messages on their behalf.
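The defence for the reflected example (the c_texto parameter) and for the attribute-context injection in the MPAA hidden field, as an added Python example that is not from the slides: the host name is replaced by a placeholder, the vulnerable rendering is shown beside the entity-encoded one, and quotes in the hidden-field value are encoded so the injected markup stays inert.

```python
import html
from urllib.parse import unquote_plus, urlsplit

# Constructed request URL carrying the reflected parameter from the first XSS example;
# the real host is replaced by a placeholder.
SAMPLE_URL = ("http://example.test/busquedaderesoluciones.php"
              "?c_tipo=1&c_texto=<script>alert(/XSS/);</script>")


def query_params(url: str) -> dict:
    """Split a URL's query string into a dict of first values.

    Splits on '&' by hand so the ';' inside the script payload is not
    mistaken for a parameter separator (older parse_qs versions treat it as one).
    """
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), unquote_plus(value))
    return params


def render_unsafe(search_text: str) -> str:
    # Vulnerable pattern (type 1, reflected): the parameter is pasted verbatim
    # into the response body, so a '<' in it opens a real tag in the browser.
    return "<p>Resultados para: " + search_text + "</p>"


def render_safe(search_text: str) -> str:
    # Fix for the HTML text context: entity-encode '&', '<', '>' and both quote
    # characters, so the browser shows the payload as text instead of running it.
    return "<p>Resultados para: " + html.escape(search_text, quote=True) + "</p>"


def render_hidden_input_safe(value: str) -> str:
    # Fix for the attribute context (the MPAA form's hidden field): quotes must be
    # encoded too, otherwise the value can close the attribute and start a new tag.
    return ('<input name="txtfavoritemovie" type="hidden" value="'
            + html.escape(value, quote=True) + '">')


def reflected_raw(fragment: str, user_value: str) -> bool:
    """True if the user-controlled text survives unencoded in the rendered fragment."""
    return user_value in fragment


if __name__ == "__main__":
    payload = query_params(SAMPLE_URL)["c_texto"]
    print("unsafe:", render_unsafe(payload))
    print("safe:  ", render_safe(payload))
    # Constructed attribute-breaking value modelled on the MPAA example.
    print(render_hidden_input_safe("\"><IMG src='http://static.example/tpb.jpg'>"))
```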
XSRF - Cross Site Request Forgery
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a kind of malicious exploit of websites. Although similar-sounding in name to cross-site scripting (XSS), it is a different and almost opposite form of attack. Whereas cross-site scripting exploits the trust a user has in a website, a cross-site request forgery exploits the trust a website has in a user by forging a request from a trusted user. These attacks are often less well known (so fewer resources are available), more difficult to defend against than XSS attacks, and therefore more dangerous.
XSRF attack example slide 1
The attack works by including a link or script in a page that accesses a site to which the user is known to have authenticated. For example, one user, Alice, might be browsing a chat forum where another user, Mallory, has posted a message with an image that links to Alice's bank. Suppose that, as the URL for the image tag, Mallory has crafted a URL that submits a withdrawal form on Alice's bank's website. If Alice's bank keeps her authentication information in a cookie, and if the cookie hasn't expired, then Alice's browser's attempt to load the image will submit the withdrawal form with her cookie, thus authorizing a transaction without Alice's approval.
XSRF attack example slide 2
<IMG src="http://bigbank.com/transfer_money.cgi?ac=alice&pay=mallory&amount=100000&description=completion_ac2157">
Here BigBank trusts Alice's cookie because Alice is already logged in. It therefore assumes that the URL coming from Alice's web browser, carrying Alice's cookie, is authorised to transfer a large sum from Alice's account to Mallory's. Data is frequently sent from browsers to websites as part of the URL, and many websites treat a GET data entry request identically to a FORM data entry request.
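How the bank in the example above can tell a forged request from a genuine one, as an added Python example that is not from the slides: the server binds a random token to the logged-in session, refuses GET for the transfer action (so the <IMG> trick cannot trigger it), checks the Origin header where present, and compares the submitted token in constant time. The bank origin, the request shapes and the session objects are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SITE_ORIGIN = "https://bigbank.example"   # assumed origin of the bank site


@dataclass
class Session:
    # Server-side session resolved from Alice's cookie; the CSRF token lives here,
    # never in the cookie itself, so a page on another site cannot read it.
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    path: str
    session: Optional[Session]          # None when no valid login cookie was sent
    params: Dict[str, str]              # query-string or form fields
    origin: Optional[str] = None        # Origin header, if the browser sent one


def authorize_transfer(req: Request) -> Tuple[bool, str]:
    """Decide whether a transfer request carries real user intent, not merely a cookie."""
    if req.session is None:
        return False, "not authenticated"
    if req.method != "POST":
        # A GET issued while loading an <IMG src=...> can never be a deliberate transfer.
        return False, "state-changing request must be a POST"
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False, "cross-origin request rejected"
    sent = req.params.get("csrf_token", "")
    # Constant-time comparison: the forged form cannot know Alice's token,
    # and a timing leak must not help anyone guess it.
    if not hmac.compare_digest(sent, req.session.csrf_token):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def forged_image_request(victim: Session) -> Request:
    # Constructed: what the victim's browser sends when it loads the slide's <IMG> tag.
    # The cookie rides along, so the session is present, but the method is GET.
    return Request("GET", "/transfer_money.cgi", victim,
                   {"ac": "alice", "pay": "mallory", "amount": "100000"})


def forged_form_post(victim: Session) -> Request:
    # Constructed: an auto-submitted form on a third-party page. Still no token,
    # and the browser reports that page's origin rather than the bank's.
    return Request("POST", "/transfer_money.cgi", victim,
                   {"ac": "alice", "pay": "mallory", "amount": "100000"},
                   origin="https://other-site.example")


def legitimate_form_post(owner: Session) -> Request:
    # Constructed: the bank's own transfer form, which embeds the session's token.
    return Request("POST", "/transfer_money.cgi", owner,
                   {"ac": "alice", "pay": "bob", "amount": "50",
                    "csrf_token": owner.csrf_token},
                   origin=SITE_ORIGIN)


if __name__ == "__main__":
    alice = Session("alice")
    for label, req in [("image GET", forged_image_request(alice)),
                       ("foreign POST", forged_form_post(alice)),
                       ("bank form", legitimate_form_post(alice))]:
        print(label, "->", authorize_transfer(req))
```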
XSRF Common Characteristics
SQL Injection
Exploits of a Mom, source: http://imgs.xkcd.com/comics/exploits_of_a_mom.png
SQL Injection Attacks
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed, and is thereby unexpectedly executed. This is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Incorrectly filtered escape characters 1
This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This results in the potential manipulation of the statements performed on the database by the end user of the application. The following line of code illustrates this vulnerability:
statement := "SELECT * FROM users WHERE name = '" + userName + "';"
If the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended.
Incorrectly filtered escape characters 2
For example, setting the "userName" variable as
a' or 't'='t
renders this SQL statement by the parent language:
SELECT * FROM users WHERE name = 'a' or 't'='t';
If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username, because the evaluation of 't'='t' is always true.
Incorrectly filtered escape characters 3
Theoretically any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of "userName" in the above statement would cause the deletion of the "users" table as well as the selection of all data from the "data" table:
a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%
This input renders the final SQL statement as follows:
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%';
Incorrect type handling 1
This form of SQL injection occurs when a user supplied field is not strongly typed or is not checked for type constraints. This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no checks to validate that the user supplied input is numeric. For example:
statement := "SELECT * FROM data WHERE id = " + a_variable + ";"
It is clear from this statement that the author intended a_variable to be a number correlating to the "id" field.
Incorrect type handling 2
However, if it is in fact a string then the end user may manipulate the statement as they choose, thereby bypassing the need for escape characters. For example, setting a_variable to
1;DROP TABLE users
will delete the "users" table from the database, as the SQL would be rendered as follows:
SELECT * FROM data WHERE id = 1;DROP TABLE users;
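The two injection patterns above run against a real database, as an added Python example that is not from the slides: the concatenated statement is built exactly as the slide shows and executed against a constructed in-memory SQLite table, so the tautology input returns every row; the parameterised query and the integer type check are the fixes for the escape-character and type-handling cases respectively. Table contents and column names are constructed for the example.

```python
import sqlite3


def build_unsafe_statement(user_name: str) -> str:
    # The slide's pattern: the untrusted value is pasted into the SQL text itself.
    return "SELECT * FROM users WHERE name = '" + user_name + "';"


def build_unsafe_id_statement(a_variable: str) -> str:
    # The "incorrect type handling" pattern: a_variable was meant to be a number.
    return "SELECT * FROM data WHERE id = " + a_variable + ";"


def make_db() -> sqlite3.Connection:
    # Constructed sample schema and rows, kept in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, billing TEXT)")
    conn.execute("CREATE TABLE data (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "card-1"), ("bob", "card-2")])
    conn.executemany("INSERT INTO data VALUES (?, ?)", [(1, "first"), (2, "second")])
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, user_name: str) -> list:
    # Executes the concatenated statement as-is. With the slide's input a' or 't'='t
    # the WHERE clause is always true and every user's row comes back.
    return conn.execute(build_unsafe_statement(user_name)).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_name: str) -> list:
    # Fix 1: a bound parameter travels as data and is never parsed as SQL, so the
    # same input is compared literally against the name column and matches nothing.
    return conn.execute("SELECT * FROM users WHERE name = ?", (user_name,)).fetchall()


def lookup_by_id_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    # Fix 2 (type handling): enforce the numeric type before the value reaches SQL,
    # so 1;DROP TABLE users is rejected before any statement is built.
    try:
        id_value = int(raw_id)
    except ValueError as exc:
        raise ValueError("id must be an integer, got %r" % raw_id) from exc
    return conn.execute("SELECT * FROM data WHERE id = ?", (id_value,)).fetchall()


def id_is_rejected(conn: sqlite3.Connection, raw_id: str) -> bool:
    """True if the typed lookup refuses the value instead of querying with it."""
    try:
        lookup_by_id_safe(conn, raw_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    tautology = "a' or 't'='t"
    print(build_unsafe_statement(tautology))
    print("unsafe rows:", lookup_unsafe(db, tautology))
    print("safe rows:  ", lookup_safe(db, tautology))
    print(build_unsafe_id_statement("1;DROP TABLE users"))
    print("rejected:", id_is_rejected(db, "1;DROP TABLE users"))
```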
Example 01 in PHP
Example 02 in SQL Server
http://www.web.pe/noticias/noticia.asp?id=170' update noticias set Titulo='Prueva';--
Buffer Overflow Exploits
A buffer overflow occurs when more data is written into a program's data storage area than the space allocated or planned for it. Everyone who has learned to program in C will have encountered buffer overflows as a common programming bug. Crackers have learned how to exploit this kind of bug in many situations where hostile data is fed to an insecure program that worked correctly on the test cases previously known to the developer.
Stack Buffer Overflow Exploitation 1
Programs are vulnerable to this exploit where:
1. The function return address on the program stack lies in memory shortly after the exploitable buffer, and nothing that would cause program failure if overwritten lies between them.
2. The attacker can provide arbitrary input which overruns the exploitable buffer.
3. The attacker can calculate an alternate jump address to insert in place of the return address, so that the jump lands on program instructions which the attacker has inserted as part of the buffer overrun. (A "landing pad" area of instructions that simply proceed to the next instruction, placed ahead of the inserted exploit code, gives the attacker's jump address extra flexibility.)
Stack Buffer Overflow Exploitation 2
4. The attacker can execute the inserted exploit code by this means, which can, with the privileges and context of the compromised program, cause actions that further the attacker's agenda or result in some other system security compromise. Obviously the potential system compromise is greater when a setuid-root program, or a program running as root, is exploited in this manner than when a less privileged program is.
Heap Buffer Overflow Exploitation
A buffer overflow occurring in the heap data area is referred to as a heap overflow and is exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer.
Further Recommended Reading
THANK YOU

A Call to Action for Generative AI in 2024Results
 

Dernier (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Web Application Vulnerabilities

  • 9. XSS example 2 - Boarding the MPAA
  • 10. How Pirate Bay boarded the MPAA <form name="form" action="http://www.mpaa.org/thank_you.asp" method="post"> <!-- here we inject an iframe and an image from http://thepiratebay.org --> <input name="txtfavoritemovie" type="hidden" size="18" maxlength="1175" value="<IMG src='http://static.thepiratebay.org/img/tpb.jpg'><BR><BR> <IFRAME width='100%' height='600px' src='http://thepiratebay.org/browse/200'>"> <input type="hidden" name="name" value="1"> <input type="submit"> </form>
  • 11. Other method: sending the code above, or other code, inside a comment on the web site: <IMG src='http://static.thepiratebay.org/img/tpb.jpg' />
  • 13. XSS - Mr Bean for Spanish President
  • 14. Type 0: local or DOM-based XSS vulnerability This occurs where an attacker writes HTML including scripts into a context that the web browser treats as of local origin, allowing for unprivileged access to local objects - e.g. a file on the local system.
  • 15. XSS type 0 example 1. Mallory sends a URL to Alice (via email or another mechanism) of a maliciously constructed web page. 2. Alice clicks on the link. 3. The malicious web page's JavaScript opens a vulnerable HTML page installed locally on Alice's computer. 4. The vulnerable HTML page is tricked into executing JavaScript in the computer's local zone. 5. Mallory's malicious script now may run commands with the privileges Alice holds on her own computer.
  • 16. Type 1: non-persistent or reflected XSS vulnerability This arises when an attacker (Mallory) succeeds in getting a victim (Alice) to click on a supplied URL, which is then submitted to another (e.g. Bob's) website. This can occur through a URL sent by Mallory in an email to Alice, pointing to a site owned by Bob that accepts HTML input.
  • 17. XSS type 1 example slide 1 1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information. 2. Mallory observes that Bob's website contains a reflected XSS vulnerability. 3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, making it look as if it came from Bob (i.e. the email is spoofed).
  • 18. XSS type 1 example slide 2 4. Alice visits the URL provided by Mallory while logged into Bob's website. 5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script steals sensitive information (authentication credentials, billing info, etc) and sends this to Mallory's web server without Alice's knowledge.
  • 19. Type 2: persistent XSS vulnerability Here Mallory inserts the HTML including script directly into Bob's website, which allows users to include HTML, e.g. where social networking sites enable users to include an HTML profile. Alice, when looking at Mallory's profile or HTML message, will run the script in her web browser within the domain context of Bob, so Alice's system will treat Mallory's script as if it were from Bob.
  • 20. XSS type 2 example slide 1 1. Bob hosts a web site which allows users to post messages and other content to the site for later viewing by other members. 2. Mallory notices that Bob's website is vulnerable to a type 2 XSS attack. 3. Mallory posts a message, controversial in nature, which may encourage many other users of the site to view it.
  • 21. XSS type 2 example slide 2 4. Upon merely viewing the posted message, site users' session cookies or other credentials could be taken and sent to Mallory's webserver without their knowledge. 5. Later, Mallory logs in as other site users and posts messages on their behalf....
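The reflected case from slide 6 and the persistent case from slides 19 to 21 share one defence: untrusted data is HTML-encoded at output time, for the context it is written into. The following is an added example in Python (standard library only), not code from the slides or from any of the sites they show; the search page template, the MessageBoard class and the sample posts are constructed for the demonstration, and the two payloads are the strings the slides already show.

```python
import html
from html.parser import HTMLParser

# Constructed page fragment (assumed for this example; not any real site's code).
SEARCH_TEMPLATE = "<p>Search results for: {query}</p>"


def render_search_vulnerable(query: str) -> str:
    # Slide 6's pattern: the request parameter is copied into the page unchanged,
    # so a parameter containing <script> becomes a script element in the response.
    return SEARCH_TEMPLATE.format(query=query)


def render_search_safe(query: str) -> str:
    # HTML-encode at output: < > & " ' become entities, so the browser renders
    # the characters as text and never parses them as markup.
    return SEARCH_TEMPLATE.format(query=html.escape(query, quote=True))


class MessageBoard:
    """Persistent (type 2) scenario from slides 19-21: user posts are stored and
    later shown to other users. Storage keeps the raw text; encoding happens at
    render time, where the output context (HTML body) is known."""

    def __init__(self):
        self.messages = []

    def post(self, author: str, body: str) -> None:
        self.messages.append((author, body))

    def render_vulnerable(self) -> str:
        return "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in self.messages)

    def render_safe(self) -> str:
        return "".join(
            f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>"
            for a, b in self.messages
        )


class _TagCollector(HTMLParser):
    """Records the start tags a browser-like parser would create from markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """Check helper: which elements does the rendered page actually contain?
    Anything beyond the template's own tags came from user data."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    payload = "<script>alert(/XSS/);</script>"  # the string from slide 6
    print(tags_in(render_search_vulnerable(payload)))  # ['p', 'script']
    print(tags_in(render_search_safe(payload)))        # ['p']
    board = MessageBoard()
    board.post("mallory", "<IMG src='http://static.thepiratebay.org/img/tpb.jpg'>")  # slide 11
    board.post("alice", "Tom & Jerry")
    print(tags_in(board.render_vulnerable()))  # ['li', 'b', 'img', 'li', 'b']
    print(tags_in(board.render_safe()))        # ['li', 'b', 'li', 'b']
```

`html.escape` is the right encoder only for HTML body text and quoted attribute values; data written into a JavaScript block, a URL, or a CSS value needs the encoder for that context. Marking the session cookie HttpOnly limits the cookie theft described on slides 18 and 21 even when an encoding step is missed.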
  • 22. XSRF Cross Site Request Forgery Cross-site request forgery, also known as one click attack or session riding and abbreviated as CSRF or XSRF, is a kind of malicious exploit of websites. Although similar-sounding in name to cross-site scripting (XSS), it is a different and almost opposite form of attack. Whereas cross-site scripting exploits the trust a user has in a website, a cross-site request forgery exploits the trust a Web site has in a user by forging a request from a trusted user. These attacks are often less popular (so there are fewer resources available), more difficult to defend against than XSS attacks, and, therefore, more dangerous.
  • 23. XSRF attack example slide 1 The attack works by including a link or script in a page that accesses a site to which the user is known to have authenticated. For example, one user, Alice, might be browsing a chat forum where another user, Mallory, has posted a message with an image that links to Alice's bank. Suppose that, as the URL for the image tag, Mallory has crafted a URL that submits a withdrawal form on Alice's bank's website. If Alice's bank keeps her authentication information in a cookie, and if the cookie hasn't expired, then Alice's browser's attempt to load the image will submit the withdrawal form with her cookie, thus authorizing a transaction without Alice's approval.
  • 24. XSRF attack example slide 2 <IMG src="http://bigbank.com/transfer_money.cgi?ac=alice&pay=mallory&amount=100000" &description=completion_ac2157> Here BigBank trusts Alice's cookie because Alice is already logged in. It therefore assumes that the URL coming from Alice's web browser, carrying Alice's cookie, is authorised to transfer a large sum from Alice's account to Mallory's. Data is frequently sent from browsers to websites as part of the URL, and many websites treat a GET request's query data identically to a FORM submission.
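The forged image request on slide 24 succeeds because the cookie is the only evidence of consent. The standard defence binds an unpredictable token to the session, embeds it in the genuine form, and refuses state-changing requests that do not carry it; an image loaded from another origin can only issue a GET and cannot read the token. The following is an added example in Python, not code from the slides; the Session and Request classes, the ledger and the balances are constructed stand-ins for a real web framework's session and request objects.

```python
import hmac
import secrets


class Session:
    """Server-side session record; the browser holds only a cookie that maps to it.
    (Constructed stand-in for a real session store.)"""

    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_hex(16)  # unpredictable, one per session


class Request:
    """Minimal stand-in for an HTTP request: method, form/query fields, and the
    session that the request's cookie resolved to (assumed abstraction)."""

    def __init__(self, method, session, fields=None):
        self.method = method
        self.session = session
        self.fields = fields or {}


def transfer_form_html(session):
    """The genuine page embeds the session's token as a hidden field. A page on
    another origin cannot read this value, so it cannot build a request carrying it."""
    return (
        '<form method="post" action="/transfer_money">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="pay"><input name="amount"><input type="submit">'
        "</form>"
    )


def do_transfer(ledger, src, dst, amount):
    if ledger.get(src, 0) < amount:
        return "402 insufficient funds"
    ledger[src] -= amount
    ledger[dst] = ledger.get(dst, 0) + amount
    return "200 transferred"


def handle_transfer_vulnerable(request, ledger):
    # Slide 24's behaviour: any method is accepted and the cookie alone is consent.
    amount = int(request.fields["amount"])
    return do_transfer(ledger, request.session.user, request.fields["pay"], amount)


def handle_transfer_safe(request, ledger):
    # 1. Only POST may change state; an <img src=...> fetch can only issue GET.
    if request.method != "POST":
        return "405 method not allowed"
    # 2. The submitted token must equal the session's token (constant-time compare).
    supplied = request.fields.get("csrf_token", "")
    if not hmac.compare_digest(supplied, request.session.csrf_token):
        return "403 missing or invalid CSRF token"
    amount = int(request.fields["amount"])
    return do_transfer(ledger, request.session.user, request.fields["pay"], amount)


def demo():
    """Replay slide 24: Alice's browser, still holding her cookie, loads Mallory's image URL."""
    ledger = {"alice": 250000, "mallory": 0}  # constructed balances
    alice = Session("alice")
    forged = Request("GET", alice, {"ac": "alice", "pay": "mallory", "amount": "100000"})
    results = [handle_transfer_vulnerable(forged, ledger)]   # money moves
    results.append(handle_transfer_safe(forged, ledger))     # GET refused
    forged_post = Request("POST", alice, forged.fields)      # no token: refused
    results.append(handle_transfer_safe(forged_post, ledger))
    genuine = Request("POST", alice,
                      {"pay": "bob", "amount": "100", "csrf_token": alice.csrf_token})
    results.append(handle_transfer_safe(genuine, ledger))    # real form: accepted
    return results, ledger


if __name__ == "__main__":
    print(demo())
```

Setting the SameSite attribute on the session cookie adds a second, browser-enforced layer, since the cookie is then not attached to cross-site requests at all; the token check remains the server's own guarantee.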
  • 26. SQL Injection: "Exploits of a Mom" (source: http://imgs.xkcd.com/comics/exploits_of_a_mom.png)
  • 27. SQL Injection Attacks SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. This is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
  • 28. Incorrectly filtered escape characters 1 This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This results in the potential manipulation of the statements performed on the database by the end user of the application. The following line of code illustrates this vulnerability: statement := "SELECT * FROM users WHERE name = '" + userName + "';" If the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended.
  • 29. Incorrectly filtered escape characters 2 For example, setting the "userName" variable as a' or 't'='t renders this SQL statement by the parent language: SELECT * FROM users WHERE name = 'a' or 't'='t'; If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of 't'='t' is always true.
  • 30. Incorrectly filtered escape characters 3 Theoretically any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of "userName" in the above statement would cause the deletion of the "users" table as well as the selection of all data from the "data" table: a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '% This input renders the final SQL statement as follows: SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%';
  • 31. Incorrect type handling 1 This form of SQL injection occurs when a user supplied field is not strongly typed or is not checked for type constraints. This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no checks to validate that the user supplied input is numeric. For example: statement := "SELECT * FROM data WHERE id = " + a_variable + ";" It is clear from this statement that the author intended a_variable to be a number correlating to the "id" field.
  • 32. Incorrect type handling 2 However, if it is in fact a string then the end user may manipulate the statement as they choose, thereby bypassing the need for escape characters. For example, setting a_variable to 1;DROP TABLE users will delete the "users" table from the database as the rendered SQL would be rendered as follows: SELECT * FROM data WHERE id = 1;DROP TABLE users;
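Both forms on slides 28 to 32 have the same root cause, user data spliced into SQL text, and the same fix: send the value to the database separately from the statement (a parameterised query), and for numeric fields enforce the type before the value gets anywhere near the query. The following is an added example in Python with the standard library's sqlite3 module, not code from the slides; the users and data tables and their rows are constructed, and the inputs are the ones slides 29 and 31 describe.

```python
import sqlite3

# Constructed sample data (assumed for this example, not from the slides).
SAMPLE_USERS = [("alice",), ("bob",), ("carol",)]
SAMPLE_DATA = [(1, "public notice"), (2, "internal memo"), (3, "payroll export")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with the two tables the slides mention."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("CREATE TABLE data (id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO data VALUES (?, ?)", SAMPLE_DATA)
    return conn


def users_by_name_vulnerable(conn, user_name: str) -> list:
    # Slide 28's pattern: the user string is pasted into the SQL text, so a quote
    # inside it ends the literal and the rest is parsed as SQL.
    statement = "SELECT name FROM users WHERE name = '" + user_name + "';"
    return [row[0] for row in conn.execute(statement)]


def users_by_name_safe(conn, user_name: str) -> list:
    # Parameterised query: the value travels separately from the SQL text, so a
    # quote inside it can only ever be compared as data.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?;", (user_name,))]


def data_by_id_vulnerable(conn, id_value: str) -> list:
    # Slide 31's pattern: no check that id_value is actually numeric.
    statement = "SELECT id FROM data WHERE id = " + id_value + ";"
    return [row[0] for row in conn.execute(statement)]


def data_by_id_safe(conn, id_value: str) -> list:
    # Enforce the type first: anything that is not an integer is rejected before
    # it reaches the database, then the integer is bound as a parameter.
    try:
        id_number = int(id_value)
    except ValueError:
        return []
    return [row[0] for row in conn.execute(
        "SELECT id FROM data WHERE id = ?;", (id_number,))]


if __name__ == "__main__":
    db = make_db()
    print(users_by_name_vulnerable(db, "a' or 't'='t"))  # every user
    print(users_by_name_safe(db, "a' or 't'='t"))        # []
    print(data_by_id_vulnerable(db, "1 OR 1=1"))         # every id
    print(data_by_id_safe(db, "1 OR 1=1"))               # []
```

One caveat on slide 30's multi-statement input: sqlite3's `execute()` happens to refuse more than one statement per call, so the `DROP TABLE` variant fails here by accident of the driver, not by design; other drivers, and `executescript()`, run it. The parameterised form is the defence that holds across drivers.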
  • 35. Example 02 in SQL Server http://www.web.pe/noticias/noticia.asp?id=170' update noticias set Titulo='Prueva';--
  • 36. Example 02 in SQL Server
  • 37. Example 02 in SQL Server
  • 38. Buffer Overflow Exploits A buffer overflow occurs when more data is input into a program data storage area than the space allocated or planned for it. Everyone who has learned how to program in 'C' will have encountered buffer overflows as a common programming bug. Crackers have learned how to exploit this kind of bug in many situations where hostile data is input to an insecure program which worked correctly in test cases previously known to the developer.
  • 39. Stack Buffer Overflow Exploitation 1 Programs are vulnerable to this exploit where: 1. The function return address on the program stack lies in memory soon after the exploitable buffer, and nothing that would cause program failure if overwritten lies between them. 2. The attacker can provide arbitrary input which overruns the exploitable buffer. 3. The attacker can calculate an alternate jump address to insert in place of the return address, so that the alternate jump address leads to program instructions which the attacker has inserted as part of the buffer overrun. (A "landing pad" area of go-to-next-instruction (no-op) instructions placed before the inserted exploit code gives the attacker's inserted jump address extra flexibility.)
  • 40. Stack Buffer Overflow Exploitation 2 4. The attacker can execute inserted exploit code by this means which can, with the privileges and context of the compromised program, cause actions to occur which further the attacker's agenda, or which result in some other system security compromise. Obviously the potential system compromise will be greater when a setuid-root program, or a program running as root, is exploited in this manner than if a less privileged program is exploited.
  • 41. Heap Buffer Overflow Exploitation A buffer overflow occurring in the heap data area is referred to as a heap overflow and is exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer.