Penetration Test

Application Exploits, Part III

CROSS-SITE SCRIPTING(XSS)

• Injection attack in which an attacker sends malicious code(client-side script) to a web application that a subsequent client runs
  • Stored/persistent
    • Attack data(script) stored discretely on the server
  • Reflected
    • Non-persistent attack in which attack code is sent to another client
  • DOM(Document Object Model)
    • XSS attack that uses XML, not HTML, to transport attack code

CROSS-SITE REQUEST FORGERY(CSRF/XSRF)

• Similar to XSS; occurs within an authenticated session
• XSRF attacks a user
• Attacker can cause authorized user to take some action by clicking a link

CLICKJACKING

• Tricking user into clicking a different link or object that was intended
• Attackers can use transparent or opaque layers to embed attack links

SECURITY MISCONFIGURATION

• Directory traversal
  • Allows users to navigate outside a web server's root directory
• Cookie manipulation
  • Access to cookies can allow an attacker to change the way in which a web application operates in general, or just for a specific user/session

FILE INCLUSION

• Related to directory traversal
• Attacker is allowed to build path to .exe file or a file to access
• File can be local or remote

QUICK REVIEW

• XSS is an injection attack on a server using scripting code and has three types: stored/persistent, reflective, or DOM
• XSRF/CSRF attacks the user and occurs within an authenticated session
• XSS and XSRF both use client/server interaction to launch attacks based on specially crafted links or scripts
• Passive attacks exploits security misconfigurations (e.g directory traversal, cookie manipulation, and file inclusion)