(32 intermediate revisions by 4 users not shown) |
Line 1: |
Line 1: |
− | = Web Exploitation =
| + | #REDIRECT: [[:Category:Web exploitation]] |
− | | + | |
− | Web exploitation is the attacking and taking advantage of a [[vulnerability]] in a computer system through a [[web applications|web application]]. There are numerous ways to exploit [[vulnerability|vulnerabilities]] so only some of the basics will be covered here. The topics covered in this series can be dangerous enough to compromize an [[HTTP]] server's database, code, or allow a remote shell.
| + | |
− | | + | |
− | Many web sites run [[web applications]] for the purpose of dynamic content. Usually this would include an [[SQL]] [[database]] backend of some sort, and a [[web applications|web application]] (like forums, talkboards, content management systems, and blogs) to interface with the [[SQL]] [[database]]. Therefore the affected languages are anything that can be used as an interface over [[HTTP]] to dynamic content.
| + | |
− | | + | |
− | When penetration testing a site, it is different than penetration testing a network, and different than penetration testing a server. However, it is good to point out, that by compromising one of these layers, the other layers can be compromised in the future. Web application vulnerabilities are currently the most prominent vulnerabilities exploited by [[cybercriminals]].{{warning|Exploiting these vulnerabilities without written authorization could criminalize you in many countries and most likely the one you live in.}}
| + | |
− | | + | |
− | = Affected Languages =
| + | |
− | | + | |
− | *[[PHP]]
| + | |
− | *[[Perl]]
| + | |
− | *[[ASP]]
| + | |
− | *[[Ruby]]
| + | |
− | *[[Python]]
| + | |
− | *Anything powered by [[CGI]]
| + | |
− | | + | |
− | = Types of Exploitation =
| + | |
− | | + | |
− | *'''[[XSS|Cross Site Scripting]]'''{{info|XSS can be used to capture logins and sessions or a page redirect if a user clicks a malicious link.}}
| + | |
− | *'''[[SQL injection|SQL Injection]]'''{{info|SQL injection can be used to copy, modify, or delete the affected application's database, and in some cases create a remote shell on the affected system.}}
| + | |
− | *'''[[Local_File_Inclusion|File Inclusion]]'''{{info|File inclusion vulnerabilities can be exploited to create a remote shell, which can lead to database manipulation and file tampering.}}
| + | |
− | *'''[[Command Injection]]'''{{info|Command injection effectively hands a remote shell to an attacker by arbitrary bash or ms-dos command execution.}}
| + | |
− | *'''[[CSRF|Cross Site Referral Forgery]]'''{{info|CSRF allows an attacker to perform actions as any unsuspecting user that clicks a link or loads a page on a separate domain from the affected site while logged into the affected site.}}
| + | |
− | *'''[[XSCF|Cross Site Content Forgery]]'''{{info|XSCF Sends different data to different hosts. This way, if a piece of malware is able to recognize the source machine as something analyzing it, the malware can return something innocent while normal users are directed to something malicious.}}
| + | |
− | *'''[[XSRF]]'''([[XSS]] mixed with [[CSRF]]){{info|XSRF is using XSS to produce a same-domain URL that will perform actions as the logged in user}}
| + | |
− | *'''[[RoR_Patching#Params_Injection_.26_Mass_Assignment_Abuse|Mass Assignment Abuse]]{{info|Mass assignment abuse can allow an attacker to directly overwrite database values without having to write any [[SQL]] queries and without the use of [[SQL injection]].}}
| + | |
− | | + | |
− | | + | |
− | = Attack Vectors =
| + | |
− | | + | |
− | *[[HTTP]] GET request parameters (Variables in the URL){{notice|Rewritten or "clean" URL's can have GET parameters too!}}
| + | |
− | *[[HTTP]] POST request parameters (Fields and fieldsets in web forms){{notice|You can send post parameters to a URL that has GET parameters!}}
| + | |
− | *[[HTTP]] Header parameters (Variables passed by header information){{notice|This includes cookies, user agents, connection type, and more}}
| + | |
− | | + | |
− | == Tools ==
| + | |
− | | + | |
− | *[http://cirt.net/nikto2 Nikto]
| + | |
− | *[http://www.sensepost.com/labs/tools/pentest/wikto Wikto]
| + | |
− | *[http://www.0x90.org/releases/absinthe/ Absinthe]
| + | |
− | | + | |
− | {{series
| + | |
− | | Name = Web Exploitation
| + | |
− | | PartOf = Web applications
| + | |
− | }}
| + | |
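Review bot: This hunk removes the entire article (the definition paragraphs, the Affected Languages list, the Types of Exploitation entries with their info boxes, the Attack Vectors and Tools lists, and the series template) and leaves only `#REDIRECT: [[:Category:Web exploitation]]`, with nothing in the diff showing that the removed text was carried over to the redirect target; before accepting, confirm that the category page or a page within it actually holds this material, otherwise the content is silently lost. If it is migrated, fix two defects in the removed lines while doing so: `Cross Site Referral Forgery` should read `Cross-Site Request Forgery` (that is what CSRF expands to, and it matches the bullet's own description of forged actions by a logged-in user), and `compromize` should read `compromise`. The XSCF bullet also merits a second look on migration, since its info box describes serving different content to analysis hosts than to normal users, which is content cloaking rather than a cross-site attack against a web application.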