Posts

SQL Injection Full tutorial with Example to dump Data.

SQL Injection (SQLi) Overview SQL injection may occur when user or attacker controlled input is later incorporated into an SQL query which is built and executed by the web application. Web applications which do not implement code-data segmentation by using routines (i.e. stored procedures, user-defined functions) may be vulnerable. Some sites attempt to parameterize queries, which prevents SQL injection but fails to meet other objectives such as least privilege. Discovery Methodology Inject all available parameters of the web page with characters reserved in SQL, PL/SQL, T-SQL, and MySQL. Examine responses for differences from responses with normal input. Additionally, attempt to inject valid SQL statements, including statements which cause errors, induce pauses, and cause differences when similar statements evaluate to true or false. Hint: Use Burp Suite and SQLMap to fuzz sites quickly. Exploitation Determine the prefix and suffix needed to make the i...

Client-side Security Control Bypass with HTML ,CSS ,JavaScript

Client-side Security Control Bypass Overview Some web applications rely on client-side controls such as disabling form fields, limiting field size, JavaScript validation or other controls to prevent the user from sending malicious input. In all cases, any client-side control can be bypassed or ignored entirely. Not all applications that use client-side controls are vulnerable. Applications which pair every client-side control with an equivalent server-side version of the control may be secure. Quality applications often mirror all server-side controls with a client-side counterpart to reduce network traffic, prevent honest users from sending known-bad values and provide guidance. However, applications depending solely on client-side controls are often vulnerable to injection and/or attacks on application logic. Discovery Methodology (Static source-code analysis) Applications using client-side controls will write the controls using client-side languages such as HTML, Ja...

How to use SQLMAP to test a website for SQL Injection vulnerability with example.

How to use SQLMAP to test a website for SQL Injection vulnerability with example. In this article I explain how to test whether a website is safe from SQL injection using the SQLMAP penetration testing tool. What is SQL Injection? SQL Injection is a code injection technique where an attacker executes malicious SQL queries that control a web application's database. With the right set of queries, a user can gain access to information stored in databases. SQLMAP tests whether a 'GET' parameter is vulnerable to SQL Injection. Where can you use SQLMAP? If you observe a web URL of the form http://testphp.vulnweb.com/listproducts.php?cat=1, where the 'GET' parameter is in bold, then the website may be vulnerable to this mode of SQL injection, and an attacker may be able to gain access to information in the database. Furthermore, SQLMAP works when the site is PHP based. A simple test to check whether your website is vulnerable would be to replace the value in...

Cascading Style Sheet (CSS) Injection

Overview Cascading style injection may occur when user or attacker controlled input is later incorporated, without being encoded, into the web server response inside a style attribute. In other words, the attacker can send input which is later incorporated into the web page the user receives. Discovery Methodology Inject all available parameters of the web page with a searchable string such as the word "CANARY" along with characters generally useful in writing HTML, JavaScript or other code. Search the response carefully, noting any location where the test string appears unencoded in a style attribute. These locations may allow Cascading style injection. Hint: An example injection might be <CANARY={}""()'';#$--/>1. Adding a sequential integer to the test input can help determine which of the input parameters resulted in the response string found. Exploitation Determine the prefix and suffix needed to make the injected code "fit" syntactically t...

JavaScript Object Notation (JSON) Injection

Overview JSON injection may occur when user or attacker controlled input is later incorporated, without being encoded, into the web server response. In other words, the attacker can send input which is later incorporated into the JSON response. Discovery Methodology JSON injection starts like any injection: find the possible input parameters, including adding custom parameters (parameter addition attack), to see if the application will process them and place those inputs into the JSON returned by the server. (If we cannot get our input into the JSON returned by the server, we cannot inject the JSON.) Finding input parameters can be done using an ordinary Firefox browser. No special tools are required. This particular page has a drop-down which is an input. Developers sometimes think that they control the web page. This of course is incorrect. The web page is running in the user's browser. The user can do anything they want, like change the page using Firebug. If you don't like that drop-down...