- FILE INCLUSION VULNERABILITY
- ===========================
- File inclusion vulnerabilities let an attacker make the web application include files that are already present on the web server and may contain critical data.
- By requesting those files through the URL, the attacker can read that critical data and misuse it.
- ./ - Forward (the current directory)
- ../ - Backwards (the parent directory, one folder up)
- TYPES OF FILE INCLUSION :
- = LFI - Local File Inclusion (LFI) vulnerabilities allow an attacker to read (and sometimes execute) files on the victim machine. This can be very dangerous because if the web server is misconfigured and running with high privileges, the attacker may gain access to sensitive information.
- = RFI - Remote File Inclusion (RFI) vulnerabilities are easier to exploit but less common. Instead of including a file on the local machine, the application includes a file from a remote URL, so the attacker is able to execute code on the web application server.
- ./ : Forward (the current directory)
- ../ : Backwards (the parent directory, one folder up)
- /etc/passwd : an essential file used while logging in to the system. In other words, it contains the users and their password fields in a text file. It also tells us each user's user ID, group ID, login shell, etc.
- /proc/self/environ
- Demonstration of LFI on DVWA.
- STEPS :
- (../) - Going one folder backwards.
- = http://127.0.0.1/dvwa/vulnerabilities/fi/?page=../../../../../../etc/passwd
- Reading the file (or the warnings and errors that leak its data) by stepping backwards through directories with ../ .
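The fix for the include above is not to filter "../" but to never let the page parameter choose an arbitrary path. The following Python example is added here and is not DVWA's code; the base directory and the allowlisted page names are constructed assumptions. It shows what the URL from the steps resolves to when the parameter is joined onto the include directory unchecked, a detection helper for traversal sequences in request logs, and an allowlist plus path-containment check that rejects the same parameter.

```python
import os

# Constructed values for this example (assumption, not DVWA's own layout):
# the directory that the ?page= parameter is allowed to include from, and
# the bare file names that the feature legitimately needs.
BASE_DIR = "/var/www/dvwa/vulnerabilities/fi/pages"
ALLOWED_PAGES = {"include.php", "file1.php", "file2.php", "file3.php"}

# Detection: request-log / WAF style check for traversal sequences,
# including the URL-encoded and backslash spellings.
TRAVERSAL_MARKERS = ("../", "..\\", "..%2f", "..%5c", "%2e%2e")


def contains_traversal(value: str) -> bool:
    """True if a page parameter carries a directory-traversal sequence."""
    lowered = value.lower()
    return any(marker in lowered for marker in TRAVERSAL_MARKERS)


def unsafe_resolve(page: str) -> str:
    """What a naive include(BASE_DIR . page) would open: no checks at all.
    Returned only to make the traversal visible; never include this way."""
    return os.path.normpath(os.path.join(BASE_DIR, page))


def resolve_page(page: str) -> str:
    """Return the absolute path to include for ?page=..., or raise ValueError.

    Two independent controls: an allowlist of known file names, and a check
    that the resolved path is still inside BASE_DIR (defence in depth in
    case the allowlist is ever loosened to accept sub-directories).
    """
    if page not in ALLOWED_PAGES:
        raise ValueError(f"page not in allowlist: {page!r}")
    base = os.path.realpath(BASE_DIR)
    candidate = os.path.realpath(os.path.join(BASE_DIR, page))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes the include directory: {candidate}")
    return candidate


if __name__ == "__main__":
    attack = "../../../../../../etc/passwd"   # the parameter from the notes
    print("naive include would open:", unsafe_resolve(attack))
    print("traversal detected:", contains_traversal(attack))
    for page in ("file1.php", attack):
        try:
            print("allowed:", resolve_page(page))
        except ValueError as err:
            print("rejected:", err)
```

The allowlist alone is enough for a feature with a handful of fixed pages; the containment check is what keeps a later "accept any file under pages/" change from reopening the hole.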
- ------------------------------------------------------------------------------------------------------------------------------------
- COMMAND EXECUTION VULNERABILITY
- =================================
- Command injection/execution is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data to a system shell (CMD). In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application.
- PIPE : " | "
- Used for running multiple commands from a single input: the output of the first command is passed to the second.
- eg. "ipconfig | dir"
- Demonstration on LVS and DVWA.
- STEPS - Enter an address in the web application's ping input field and observe the output.
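What makes the ping form injectable is that the input is concatenated into a shell command string, so the pipe from the notes ("ipconfig | dir") is interpreted by the shell. The Python example below is added here and is not DVWA's code; the ping options and the host-name pattern are assumptions. It shows the naive command string for comparison (returned, never executed), a detection check for shell metacharacters, and the fix: validate the input as an IP address or host name and pass it to the process as one argument in a list with shell=False.

```python
import ipaddress
import re
import subprocess
from typing import List

# Anything that lets a shell chain or substitute commands. Used for detection
# and logging only; the fix is never to hand the input to a shell at all.
SHELL_METACHARACTERS = re.compile(r"[|&;`$(){}<>\n\r]")

# RFC 1123 style host name: labels of letters/digits/hyphens joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def looks_injected(value: str) -> bool:
    """Detection helper: True if the input carries shell metacharacters."""
    return bool(SHELL_METACHARACTERS.search(value))


def vulnerable_command_line(value: str) -> str:
    """The string a naive shell_exec("ping -c 4 " . $_REQUEST['ip']) would run
    (assumed shape of the vulnerable code). Returned, never executed, so the
    effect of '|' in the input is visible."""
    return "ping -c 4 " + value


def validate_target(value: str) -> str:
    """Return the input as a canonical IP address or a plain host name,
    or raise ValueError. Rejecting everything else is what closes the hole."""
    value = value.strip()
    try:
        return str(ipaddress.ip_address(value))     # IPv4 or IPv6 literal
    except ValueError:
        pass
    if HOSTNAME_RE.match(value):
        return value
    raise ValueError(f"not an IP address or host name: {value!r}")


def build_ping_argv(value: str) -> List[str]:
    """Argument vector for ping. Passed as a list with shell=False, the target
    is always a single argument: a '|' inside it can never start a command."""
    return ["ping", "-c", "4", validate_target(value)]


def run_ping(value: str) -> str:
    """Execute the ping safely; needs a ping binary and a network, so it is
    not exercised by the checks below."""
    completed = subprocess.run(
        build_ping_argv(value), shell=False, capture_output=True,
        text=True, timeout=15,
    )
    return completed.stdout + completed.stderr


if __name__ == "__main__":
    for user_input in ("127.0.0.1", "localhost", "127.0.0.1 | dir"):
        print("input:", repr(user_input))
        print("  naive shell string:", vulnerable_command_line(user_input))
        print("  metacharacters seen:", looks_injected(user_input))
        try:
            print("  safe argv:", build_ping_argv(user_input))
        except ValueError as err:
            print("  rejected:", err)
```

The host-name pattern also refuses a leading hyphen, so the target can never be read by ping as an option; the metacharacter check is for alerting on attempts, not the control that stops them.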
- ------------------------------------------------------------------------------------------------------------------------------------
- TASK
- =====
- 1. Find 5 commands that work for command execution/injection.
- 2. /proc/self/environ
- --------------------------------------------------------------------------------------------------------------
- XSS - CROSS SITE SCRIPTING
- ===========================
- Cross-site scripting (XSS) refers to a client-side code injection attack in which an attacker injects malicious scripts into a web application, and the web application responds (serves pages) according to them. The end user's browser has no way to know that the script should not be trusted, and will execute it because it thinks the script came from a trusted source.
- It is the 3rd vulnerability in the OWASP Top 10 and is found in roughly 80% of all dynamic websites.
- Flaw of XSS
- ============
- When any website takes any kind of executable input from any unauthorised visitor, we can say that website is vulnerable to an XSS attack.
- For example: while shopping on Flipkart, a user enters <h1>Hacked</h1> in the search bar, and when he hits search, the website interprets the heading tag and renders it on the main page.
- TYPES OF XSS
- =============
- 1. Stored XSS : Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database. That is, it is permanent until the database is reset or the stored query is manually removed.
- 2. Reflected XSS : Reflected attacks are those where the injected script is reflected off the web server, meaning it is not stored, just reflected back in the response. When the web page is refreshed, the XSS query is gone. One-time use, but it still extracts data.
- 3. DOM Based XSS : Document Object Model (DOM) based XSS is a type of cross-site scripting attack which relies on inappropriate handling, in the HTML page, of data from its associated DOM. For example, in document.write.
- DEMONSTRATION on LVS and DVWA
- =============================
- STEPS
- =====
- = Find an XSS-vulnerable web application: DVWA and LVS.
- = Reflected XSS (LOW in DVWA, LVS)
- = <script>alert("hacked")</script> // this will create a pop-up named kartik
- = Stored XSS (LOW in DVWA, LVS)
- = Name : kartik Message : <script>alert("xss vulnerability")</script> // stored in the database.
- = Reflected XSS (MEDIUM in DVWA, LVS)
- Here <script>alert("test")</script> will not work, because the source code performs validation checks and sanitization.
- The validation check / sanitization only says: replace "<script>" (with nothing).
- = ways to bypass XSS in medium security
- 1. <script> <script>
- 2. <script lan=eng>
- 3. <ScRipt>
- 4. <scr<script>ipt> ---> <script> --> <scr ipt> --> <script>
- = <ScRiPt>alert("test")</script>
- = Cookie Stealing
- Cookie stealing targets document.cookie: a script injected through XSS can read the victim's cookies.
- <ScRiPt>alert(document.cookie)</script>
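The medium-security check above fails because it is a blocklist: it removes one exact spelling of the tag and leaves the browser to parse whatever survives. The correct defence is output encoding of every untrusted value at the point it is written into HTML. The Python example below is added here and is not DVWA's code; naive_sanitize is an assumed reconstruction of the single replace the notes describe, and the guestbook HTML skeleton is constructed. It runs the payloads listed in the steps through both approaches and reports whether a live <script> tag survives, and renders the stored-XSS guestbook entry safely.

```python
import html
import re


def naive_sanitize(value: str) -> str:
    """The medium-level 'validation' from the notes: one literal replace.
    (Assumed reconstruction of the behaviour described, not DVWA's source.)"""
    return value.replace("<script>", "")


def escape_for_html(value: str) -> str:
    """Contextual output encoding for text inside an HTML element or a
    double-quoted attribute: the browser shows '<' but never parses it."""
    return html.escape(value, quote=True)


# Detection helper used to judge the rendered result: does an opening
# script tag survive, in any letter case, with or without attributes?
SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def script_tag_survives(rendered: str) -> bool:
    return bool(SCRIPT_TAG_RE.search(rendered))


def compare(payload: str) -> dict:
    """For one input, report whether each defence leaves a live <script>."""
    return {
        "naive": script_tag_survives(naive_sanitize(payload)),
        "escaped": script_tag_survives(escape_for_html(payload)),
    }


def render_guestbook_entry(name: str, message: str) -> str:
    """Stored-XSS safe rendering of the guestbook fields (constructed HTML
    skeleton): every untrusted value is escaped at output time, not on input."""
    return (
        "<div class=\"entry\">"
        f"<b>Name:</b> {escape_for_html(name)}<br>"
        f"<b>Message:</b> {escape_for_html(message)}"
        "</div>"
    )


# Payloads from the notes: the plain one that medium security blocks and
# the variants listed as bypasses of the blocklist.
PAYLOADS = [
    '<script>alert("test")</script>',
    '<ScRiPt>alert("test")</script>',
    '<script lan=eng>alert("test")</script>',
    '<scr<script>ipt>alert("test")</script>',
]

if __name__ == "__main__":
    for payload in PAYLOADS:
        print(f"{payload!r:45} -> {compare(payload)}")
    print(render_guestbook_entry("kartik", '<script>alert("xss vulnerability")</script>'))
```

Escaping works for every variant because it never tries to recognise the attack; it changes the characters the HTML parser would act on. The same rule applies to the other contexts (attribute values, JavaScript strings, URLs): encode for the context you are writing into, rather than stripping patterns from input.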
- -------------------------------------------------------------------------------------------------------------
- https://lucideustech.blogspot.in/2018/03/a-definitive-guide-to-session-hijacking.html
- ------------------------------------------------------------------------------------------------------------
- BROKEN AUTHENTICATION AND SESSION MANAGEMENT
- =============================================
- Broken Authentication and Session Management are two different vulnerabilities. Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
- Broken authentication refers to the weak login credentials a web application's authentication check accepts, and broken session management leads to the exposure of sensitive session IDs.
- IRAJ LOGGED IN INTO PNB - 21071993 - fRyuT5478hFde56
- Demonstration of Broken Authentication and Session Management in LVS.
- Session Management Example :
- pnb login > session created > session id = 123545677gcccgz89
- ATTACKER > steals the session id > behaves like the victim and goes to the pnb site > the attacker can replace his/her own session id with the victim's session id, i.e. session id=12354567789, in the same version of the web browser and the same environment.
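The swap described above works because the session ID is the only thing the server checks, so the defences are about the ID itself: make it unguessable, issue a fresh one when the user logs in (so an ID planted or captured before login is useless after it), invalidate it server-side on logout and after idle time, and set cookie flags so an injected script cannot read it through document.cookie (the cookie-stealing case from the XSS section). The Python example below is added here and is not LVS's or DVWA's code; the cookie name PHPSESSID, the idle timeout and the user name are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT_SECONDS = 15 * 60   # constructed policy value


@dataclass
class Session:
    user: Optional[str]          # None until the user authenticates
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session table keyed by an unguessable random ID."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def new_id() -> str:
        # 256 bits from the OS CSPRNG; not a counter, not derived from the
        # user name or the clock, so the ID cannot be predicted or enumerated.
        return secrets.token_urlsafe(32)

    def create(self) -> str:
        now = time.time()
        sid = self.new_id()
        self._sessions[sid] = Session(None, now, now)
        return sid

    def _find(self, sid: str) -> Optional[str]:
        # Constant-time comparison against every stored ID so that a timing
        # side channel cannot reveal how many leading characters matched.
        for stored in self._sessions:
            if hmac.compare_digest(stored, sid):
                return stored
        return None

    def lookup(self, sid: str) -> Optional[Session]:
        stored = self._find(sid)
        if stored is None:
            return None
        session = self._sessions[stored]
        if time.time() - session.last_seen > IDLE_TIMEOUT_SECONDS:
            del self._sessions[stored]      # idle sessions die server-side
            return None
        session.last_seen = time.time()
        return session

    def login(self, sid: str, user: str) -> str:
        """Authenticate and rotate the ID. The pre-login ID is discarded, so an
        ID an attacker planted or captured before login is worthless after it."""
        stored = self._find(sid)
        if stored is None:
            raise KeyError("unknown session")
        old = self._sessions.pop(stored)
        new_sid = self.new_id()
        self._sessions[new_sid] = Session(user, old.created_at, time.time())
        return new_sid

    def logout(self, sid: str) -> None:
        stored = self._find(sid)
        if stored is not None:
            del self._sessions[stored]      # invalidate, don't just clear the cookie


def set_cookie_header(sid: str) -> str:
    """Cookie attributes: HttpOnly keeps document.cookie from reading the ID,
    Secure keeps it off plain HTTP, SameSite limits cross-site sending."""
    return f"PHPSESSID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()
    logged_in = store.login(anonymous, "iraj")
    print("before login:", anonymous)
    print("after login :", logged_in)
    print("old ID still valid?", store.lookup(anonymous) is not None)
    print(set_cookie_header(logged_in))
```

None of this stops a victim's ID from being replayed if it is captured over plain HTTP or by a script that can read it, which is why the cookie flags and the XSS fixes belong to the same control: the ID is a bearer token, and whoever holds it is the user.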
- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- FUNCTIONS for XSS at high security: onload, onfocus
- TASK
- ====
- 1. hackertest.net
- 2. https://xss-game.appspot.com/