What is code injection?
• Code injection is the exploitation of a
computer bug that is caused by processing
invalid data.
...
Code injection
Code injection can do
• Arbitrarily modify values in a database
through a type of code injection called SQL
injection. The...
• Install malware or execute malevolent code on a
server, by PHP or ASP Injection.
• Privilege escalation to root permissi...
Different types of Code injection
• SQL injection
• LDAP Injection
• OS Command Injection
• Cross-Site Scripting (“XSS”)
SQL injection
SQL injection attack consists of injection of
malicious SQL commands via input data from the
client to the a...
SQL injection
SQL injection
• SQL injection consists of direct insertion of
code into user-input variables which are
concatenated with S...
SQL injection
A successful SQL injection exploit can
• Access sensitive data in the database,
• Modify database data,
• Ex...
Sample SQL injection
Examples of SQL injection
These attacks noted on the Eastern European website started early in
March and by Wednesday Marc...
Examples of SQL injection
Here is a diagram of how to protect against it
Examples of SQL injection
* At BIDMC, we chose to implement Third Brigade's Host Based Intrusion Protection software, the
...
LDAP Injection
• LDAP is Lightweight Directory Access
Protocol.
• LDAP injection is an attack technique of
exploiting web ...
LDAP Injection
LDAP Injection ?
• When a web application fails to properly
sanitise user-supplied input, it is possible for
an attacker t...
• This can cause serious security problems
where the permissions grant the rights to
query, modify or remove anything insi...
Examples of LDAP Injection
OS Command Injection
• OS Command Injection also called as Shell
Injection.
• OS command injection is also known as
Improp...
OS Command Injection?
• The user supplies all or part of malformed OS
command through a web interface.
• If the web interf...
Examples of OS Command Injection
Cross-Site Scripting (“XSS”)
• Cross-site Scripting (“XSS“) is a type of
injection attack, in which malicious scripts
are ...
Cross-Site Scripting (“XSS”)
Cross-Site Scripting (“XSS”)
Cross-Site Scripting (“XSS”)
• The malicious content sent to the web browser can
takes several forms including JavaScript,...
Cross-Site Scripting (“XSS”)
• Stored XSS (Persistent) – Stored XSS
attacks means that the injected
malicious code is perm...
Cross-Site Scripting (“XSS”)
Sample Stored XSS
Cross-Site Scripting (“XSS”)
• Reflected XSS (Non-Persistent) –
Reflected XSS attacks are those where the
injected code is...
Cross-Site Scripting (“XSS”)
Sample reflected XSS
Cross-Site Scripting (“XSS”)
• DOM (Document Object Model) Based
XSS – Unlike the previous two, DOM based
XSS does not req...
• That means, the page itself (HTTP
response) does not change, but the client
side code contained in the page executes
dif...
Cross-Site Scripting (“XSS”)
Sample DOM XSS
References:
http://geekdoctor.blogspot.com/2008_03_01_archive.html
http://simplicable.com/photo/224/LDAP-injection.html
ht...
Questions ?
Codeinjection
Upcoming SlideShare
Loading in …5
×

Codeinjection

470 views
421 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
470
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
35
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Codeinjection

  1. 1. What is code injection? • Code injection is the exploitation of a computer bug that is caused by processing invalid data. • Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. • The results of a code injection attack can be disastrous
  2. 2. Code injection
  3. 3. Code injection can do • Arbitrarily modify values in a database through a type of code injection called SQL injection. The impact of this can range from defacement of a web site to serious compromisation of sensitive data. • Install malware on a computer by exploiting code injection vulnerabilities in a web browser or its plugins when the user visits a malicious site.
  4. 4. • Install malware or execute malevolent code on a server, by PHP or ASP Injection. • Privilege escalation to root permissions by exploiting Shell Injection vulnerabilities in a setuid root binary on UNIX. • Privilege escalation to Local System permissions by exploiting Shell Injection vulnerabilities in a service on Windows. • Stealing sessions/cookies from web browsers using HTML/Script Injection (Cross-site scripting). Code injection can do
  5. 5. Different types of Code injection • SQL injection • LDAP Injection • OS Command Injection • Cross-Site Scripting (“XSS”)
  6. 6. SQL injection SQL injection attack consists of injection of malicious SQL commands via input data from the client to the application that are later passed to an instance of a database for execution and aim to affect the execution of predefined SQL commands.
  7. 7. SQL injection
  8. 8. SQL injection • SQL injection consists of direct insertion of code into user-input variables which are concatenated with SQL commands and executed. • A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. • When the stored strings are subsequently concatenated into a dynamic SQL commands, the malicious code is then executed.
  9. 9. SQL injection A successful SQL injection exploit can • Access sensitive data in the database, • Modify database data, • Execute administrative operations within the database (e.g. shutdown the DBMS), • Recover the content of a given file present on the DBMS file system • And in some cases issue commands to the operating system.
  10. 10. Sample SQL injection
  11. 11. Examples of SQL injection These attacks noted on the Eastern European website started early in March and by Wednesday March 12, 2008, 10,000 Web pages were compromised. Here is a diagram of how it is done
  12. 12. Examples of SQL injection Here is a diagram of how to protect against it
  13. 13. Examples of SQL injection * At BIDMC, we chose to implement Third Brigade's Host Based Intrusion Protection software, the Cool Technology of the Week. Third Brigade’s SQL Injection smart filter provides generic protection against SQL Injection attacks. * In addition, Third Brigade has released a specific exploit filter which identifies if a Web Site has been compromised and is serving malicious content to unsuspecting users. *Third Brigade provides protection against these Web Site attacks that are highly sophisticated and in some cases encoded using evasive techniques like URI encoding, double encoding, mixed case and non minimal UTF-8 encoding. * Install filters for known vulnerabilities in Browsers, Operating Systems and ActiveX Plugins * Install filters which prevent the user from accessing sites serving malicious pages. In this case, we released a specific protection which detects if the user visits a site that has malicious javascript in it. * Install filters which block domains which download the malware on the target machine. * Install filters detecting existence of known malware on the machine.
  14. 14. LDAP Injection • LDAP is Lightweight Directory Access Protocol. • LDAP injection is an attack technique of exploiting web applications that use client- supplied data in LDAP statements without first stripping potentially harmful characters from the request.
  15. 15. LDAP Injection
  16. 16. LDAP Injection ? • When a web application fails to properly sanitise user-supplied input, it is possible for an attacker to alter the construction of an LDAP statement. • Once an attacker is able to modify an LDAP statement, the process will run with the same permissions as the component that executed the command.(e.g. Database server, Web application server, Web server, etc.).
  17. 17. • This can cause serious security problems where the permissions grant the rights to query, modify or remove anything inside the LDAP tree. • The same advanced exploitation techniques available in SQL Injection can also be similarly applied in LDAP Injection. LDAP Injection?
  18. 18. Examples of LDAP Injection
  19. 19. OS Command Injection • OS Command Injection also called as Shell Injection. • OS command injection is also known as Improper Sanitisation of Special Elements used in an OS Command and is a technique used via a web interface in order to execute OS commands on a web server.
  20. 20. OS Command Injection? • The user supplies all or part of malformed OS command through a web interface. • If the web interface that is not properly sanitised the input is vulnerable to this exploit. • With the ability to execute OS commands, the user can inject unexpected and dangerous commands, upload malicious programs or even obtain passwords directly from the operating system.
  21. 21. Examples of OS Command Injection
  22. 22. Cross-Site Scripting (“XSS”) • Cross-site Scripting (“XSS“) is a type of injection attack, in which malicious scripts are introduced into the trusted websites. • This exploitation would occur when a web application uses user-supplied inputs as an output without validating or encoding it.
  23. 23. Cross-Site Scripting (“XSS”)
  24. 24. Cross-Site Scripting (“XSS”)
  25. 25. Cross-Site Scripting (“XSS”) • The malicious content sent to the web browser can takes several forms including JavaScript, VBScript, ActiveX, HTML, Flash or any other type of code that the browser may execute. • XSS attacks can generally be categorised into three types: - Stored, - Reflected and - Document Object Mode based (“DOM- Based”).
  26. 26. Cross-Site Scripting (“XSS”) • Stored XSS (Persistent) – Stored XSS attacks means that the injected malicious code is permanently stored on a target server such as a bulletin board, a visitor log, or a comment field, blogs, discussion boards. • When interacting with the target server, an end-user inadvertently retrieves and executes the malicious code from the server.
  27. 27. Cross-Site Scripting (“XSS”) Sample Stored XSS
  28. 28. Cross-Site Scripting (“XSS”) • Reflected XSS (Non-Persistent) – Reflected XSS attacks are those where the injected code is sent to a vulnerable web server that directs the crosssite attack back to the user’s browser. • This type of attacks aims to trick the users by clicking on a malicious link or submitting a specially crafted form. • The user’s browser then executes the malicious code, assuming it comes from a trusted server.
  29. 29. Cross-Site Scripting (“XSS”) Sample reflected XSS
  30. 30. Cross-Site Scripting (“XSS”) • DOM (Document Object Model) Based XSS – Unlike the previous two, DOM based XSS does not require the web server to receive the malicious XSS payload. • Instead, in a DOM-based XSS, the attack payload is embedded in the DOM object in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner.
  31. 31. • That means, the page itself (HTTP response) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the local DOM environment. • This attack is usually achieved by sending malicious URL to the users. Cross-Site Scripting (“XSS”)
  32. 32. Cross-Site Scripting (“XSS”) Sample DOM XSS
  33. 33. References: http://geekdoctor.blogspot.com/2008_03_01_archive.html http://simplicable.com/photo/224/LDAP-injection.html http://www.istf.jucc.edu.hk/newsletter/IT_04/IT-4_Code_Injection.pdf
  34. 34. Questions ?

×