CSRF (Cross-Site Request Forgery, aka one-click attack) is an attack that tricks a web browser into performing an unwanted action within an application, which a victim is logged into. If a victim visits a website created by an attacker, a request is sent secretly on behalf of a user to another server that performs a malicious action.
To make this attack possible, a victim has to be authenticated on the server to which the request is sent. This request should not require any confirmation, which can’t be ignored or tampered with an attacking script.
A forged request is sent to a target website through a victim’s browser. An application can’t distinguish a legitimate request from a malicious one since a user is authenticated in the application during the attack. …
SQL injection is a web security vulnerability, which permits an attacker to disrupt the queries an application sends to its database. An attacker can control the results of SQL commands execution, which gives access to sensitive data stored in the database (user data, payment data, etc.). The attacker can alter or delete it, which may also affect the application’s behavior.
SQL injection is undoubtedly one of the most critical vulnerabilities. An adversary can:
- bypass authentication and impersonate users;
- access data stored on the database server;
- modify or delete data from the database;
- use an SQL injection to initiate an attack vector on the internal network protected by a firewall. …
Directory traversal (or path traversal) is a vulnerability, the exploitation of which enables an attacker to read arbitrary files on an application’s server (source code, application data, backend credentials, OS files). In some cases, an attacker can write information to the files stored on the server, thus changing data and behavior of an application.
The vulnerability may arise when:
- working with archives;
- working with paths based on user input.
Let’s see an example to find out how it looks like in practice.
How it works?
Let’s examine an example of reading an arbitrary file through directory traversal. …
Command injection is a type of vulnerability that enables an adversary to execute arbitrary OS commands on the server through susceptible applications. These vulnerable applications begin to pass unsafe data, such as HTTP headers, forms, and cookies, supplied by the user to a system shell.
These attacks are possible usually because of insufficient input validation. An OS command injection can be prevented if proper measures are taken at the application design and development stages.
How it works?
The vulnerability can be discovered during code review. …
Open access files and directories stored on an application server are considered one of the most widespread security issues. This is obvious given that an attacker can gain access to confidential data. The consequences of attacks are specific and depend on how contents can be used for malicious purposes. Path names can be predictable if they reflect the purpose of files and directories:
- admin panel files (
/admin.php); - backups and logs (
/log.txt;/back.sql;/backup.tar.gz), which help an adversary reconstruct the web project structure; - version control system files (
/.git); - debug files (
/test.php); - hidden copies of editable files (
/admin.php~).
Searching for directories like admin consoles is a straightforward task. You can do it by typing different supposed paths in the browser’s address bar or navigating between directories with a sequence of characters ../. Since manual brute forcing is a laborious and time-consuming task, attackers use automated tools like dirb and dirsearch to facilitate the process. …
About
