Web applications are becoming more and more important for private persons and for businesses, so naturally they also become more and more attractive as another attack surface.
Cross-Site Scripting
Abbreviations: XSS
- Reflected XSS is when the exploit code is not stored anywhere, but the user has to trigger it through, for example, a specially crafted URL. If the code is removed from the URL, nothing will happen.
- Stored XSS is when the code is stored, for example, in a database or a text file. This code will then run every time a user visits a page that pulls the code from wherever it’s stored.
SQL Injection
Abbreviations: SQLi
Techniques
- Union based injection is the simplest form of injection. It relies on the ability to append “union select” queries constructed by the attacker to the application’s own query in order to exfiltrate data from the database.
- Error based injection depends on verbose error messages being printed to the page. Specially crafted payloads can then take advantage of this to exfiltrate arbitrary data into the error message.
- Blind boolean based injection prints no information to the page. It is performed by asking the database server a series of true/false questions and takes advantage of differences in the page presented to the user to determine whether a request was successful or not.
- Blind time based injection is partially like “blind boolean”, except that it does not use differences in response content to determine success or failure. Instead, the query is crafted in a way that tells the database server to “sleep”, or wait, for X seconds before responding, depending on the result of the query.
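An added example (not from the original page) contrasting the string-concatenated query that makes union based injection possible with the parameterised form that prevents it. It uses Python’s built-in sqlite3 module and a constructed in-memory database; the table and column names are assumptions for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample database: a products table the app queries,
    and a users table the app never intends to expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'tools'), (2, 'Gadget', 'toys');
        INSERT INTO users VALUES (1, 'alice', 'hash-of-alice-pw');
        """
    )
    return conn


def search_vulnerable(conn, category):
    """Builds the SQL by concatenating user input, so the input is parsed
    as part of the statement. A value containing a quote can close the
    string literal and append its own UNION SELECT."""
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, category):
    """Parameterised query: the driver binds the value separately from the
    SQL text, so it can only ever be compared as data, never run as SQL."""
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def demo():
    """Runs the same constructed input through both functions and returns
    (vulnerable_rows, safe_rows) so the difference can be asserted."""
    conn = make_db()
    # Constructed input of the kind the 'union based' technique relies on.
    payload = "tools' UNION SELECT username, password_hash FROM users --"
    return search_vulnerable(conn, payload), search_safe(conn, payload)


if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable:", vuln)  # product row plus a row from the users table
    print("safe:      ", safe)  # no rows: no category equals the whole string
```

The vulnerable version returns the credential row alongside the product row; the parameterised version returns nothing because no category matches the literal payload string.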
Cross-Site Request Forgery
Abbreviations: CSRF, XSRF
File Inclusion
Abbreviations:
LFI - Local File Inclusion
RFI - Remote File Inclusion