
Web security is a huge business due to today’s high reliance on the internet and web media. The number of web technologies has vastly increased over the past 10 years, and with these new technologies came vulnerabilities. I have put together a list of a few common techniques and methods of attack that span a variety of web technologies. Fortunately, implementing a few precautions before making your site live can help prevent some of these techniques from being used against you.
1. XSS Vulnerabilities
Cross-Site Scripting (XSS) is an exploit wherein the attacker uses unsanitized forms and user inputs to inject and execute client-side scripts on the web page. There are two main types of XSS attacks: persistent and non-persistent. Non-persistent attacks are static and are not saved by the web page/site; however, they may still be dangerous. A simple, non-harmful example of a non-persistent attack would be inserting this into a vulnerable form:
<script>alert("This has an XSS vulnerability.");</script>
Non-persistent attacks are still dangerous, however, because an XSS script could lead a user on a website to hand over valuable cookie information, which could easily result in a session hijack for that particular website. Although this example just pops up “This has an XSS vulnerability”, if you know your way around JavaScript, I’m sure you can imagine what can be done to vulnerable forms. Persistent XSS attacks are normally much more damaging to the website, because the server actually saves the exploit code and runs/displays it on the website for everyone to fall into. Preventing XSS attacks is normally a case-by-case matter, but generally you want to disable any sort of scripting input in your forms.
2. SQL Injections
SQL, as you may know, is a database language that is very popular. Popular technologies generally tend to be tested more for vulnerabilities, and SQL is no exception. A SQL injection is where an attacker injects SQL code into particular locations, where it is then parsed as SQL code rather than as a sanitized entry for a normal database. The most primitive example of this looks something like this:
someText' OR '1'='1' --
On the database side, this will look like this:
WHERE field = 'someText' OR '1'='1' -- the rest is commented out
As you can see, the user input creates a logical statement that will always be true, and any code the attacker does not need can be commented out with --. SQL injections can be executed in a number of locations, including form fields, PHP POST data, and even URLs in the form of GET data. Protecting against SQL injections can sometimes be tricky; however, proper sanitizing of inputs usually gets rid of unwanted attacks.
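The difference between input that is parsed as SQL and input that is bound as a value, shown as an added example that is not from the original post. It uses Python's sqlite3 module so it runs offline; the users table, its columns and the function names are assumptions made for illustration.

```python
import sqlite3

PAYLOAD = "someText' OR '1'='1' --"  # the input shown in the post


def make_db():
    """Build an in-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, active INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("O'Brien", 1)],
    )
    return db


def lookup_concatenated(db, name):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' AND active = 1"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, name):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND active = 1"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # The payload closes the quote, adds an always-true OR, and comments
    # out the trailing "AND active = 1", so every row comes back.
    print("concatenated :", lookup_concatenated(db, PAYLOAD))
    # Bound as a value, the same payload is just a name nobody has.
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    print("O'Brien      :", lookup_parameterized(db, "O'Brien"))
    try:
        lookup_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated breaks on a legitimate apostrophe:", exc)
```

The last case shows why binding values is more reliable than filtering quote characters: a legitimate name containing an apostrophe breaks the concatenated query but works unchanged with a bound parameter.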
3. Directory Traversal
This method is particularly dangerous not only to the users of a website, but also to the actual admins of the website. Directory traversal involves improperly sanitized inputs (Unix commands in this case) that lead to the discovery of highly sensitive server information such as server passwords, and to full root access to user databases or whatever the attacker wants to look at. This attack is shown in this example:
someURL/page.php?variable=../../../../../../../../../etc/passwd
As you can see, this attack is commonly used in GET data in the URL of a PHP, CGI, ASP, or other type of page. It uses ../ to traverse (hence the name ;] ) to a lower level directory (/etc/passwd in this case).
Well that’s all for now! I’ll make a part 2 within the next week or so, so look out for that!
EDIT: Here is the second addition to this post.

Glen
February 14th, 2010 - 7:34 pm
You should add a link to #2 at the bottom of this one.
Website Hacking – Tips & Tricks | Protech Mate Sdn Bhd
March 16th, 2010 - 2:47 am
[...] article is taken from: http://rodneykeeling.com/blog/hacking-techniques-part-1 [...]
Rodney Keeling - Home
May 9th, 2010 - 8:02 pm
[...] Hacking techniques part 1 [...]