Application Exploits, Part III
CROSS-SITE SCRIPTING(XSS)
- Injection attack in which an attacker sends malicious code(client-side script) to a web application that a subsequent client runs
- Stored/persistent
- Attack data(script) stored discretely on the server
- Reflected
- Non-persistent attack in which attack code is sent to another client
- DOM(Document Object Model)
- XSS attack that uses XML, not HTML, to transport attack code
- Stored/persistent
CROSS-SITE REQUEST FORGERY(CSRF/XSRF)
- Similar to XSS; occurs within an authenticated session
- XSRF attacks a user
- Attacker can cause authorized user to take some action by clicking a link
CLICKJACKING
- Tricking user into clicking a different link or object that was intended
- Attackers can use transparent or opaque layers to embed attack links
SECURITY MISCONFIGURATION
- Directory traversal
- Allows users to navigate outside a web server's root directory
- Cookie manipulation
- Access to cookies can allow an attacker to change the way in which a web application operates in general, or just for a specific user/session
FILE INCLUSION
- Related to directory traversal
- Attacker is allowed to build path to .exe file or a file to access
- File can be local or remote
QUICK REVIEW
- XSS is an injection attack on a server using scripting code and has three types: stored/persistent, reflective, or DOM
- XSRF/CSRF attacks the user and occurs within an authenticated session
- XSS and XSRF both use client/server interaction to launch attacks based on specially crafted links or scripts
- Passive attacks exploits security misconfigurations (e.g directory traversal, cookie manipulation, and file inclusion)