Web Hacking and Security - Exploitation


Web Hacking & Security 101
-Web Exploitation-

By Hery Intelligent Technology (HeryIT)
Malaysia Open Cyber Security (MyOPECS)

Web Hacking & Security – Web Exploitation Hery Intelligent Technology© 2023
Attack & Exploitation
Web exploitation is the process of exploiting vulnerabilities in web-based applications to gain access to sensitive data or control over the app.

Attackers can exploit these vulnerabilities to take over the entire app, steal sensitive data, or use the app to launch attacks on other systems.

Common Attack
Brute-force Attack
DDoS Attack
Spam Attack
SQL Injection
XSS Attack
Broken Access Control
CSRF
SSRF

SQL Injection Payload
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

The SQL injection payload may differ depending on the targeted database.

The payload is basically an SQL statement that is used to break the original query, which is then manipulated to execute our query.

This attack happens when the user input is not securely sanitized.

Commonly used SQLi payloads
No  Payload                  Description
1   ' (single quote)         To break the SQL query
2   '--+                     Repair the query
3   ' order by N--+          Enumerate column
4   ' union all select N--+  Enumerate vulnerable column

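POST SQL Injection – Login Bypass
Payload: a' or 'a'='a
// The query is built by concatenating the posted value into the SQL string.
$sql = "SELECT * FROM users WHERE username = '" . $_POST["uname"] . "' AND password = …";

// Normal input
$_POST["uname"] = "a";

$sql = "SELECT * FROM users WHERE username = 'a' AND password = …";

// Payload input: the quote ends the string literal and the rest is read as SQL
$_POST["uname"] = "a' or 'a'='a";

$sql = "SELECT * FROM users WHERE username = 'a' or 'a'='a' AND password = …";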

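GET SQL Injection – Database Exploitation
Payload: a' order by 1--+
Payload: -a' union all select 1,2,3,4,5--+
// The id parameter from the URL is concatenated into the SQL string.
$sql = "SELECT * FROM items WHERE id = '" . $_GET["id"] . "'";

// Normal input
$_GET["id"] = "a";

$sql = "SELECT * FROM items WHERE id = 'a'";

// Payload input (the + in the URL decodes to a space after the comment marker)
$_GET["id"] = "a' order by 1-- ";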
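
The two slides above, as an added example that is not part of the original deck: the same lookup written once with string concatenation and once with a bound parameter, fed the payload strings from the slides. It uses Python's sqlite3 instead of the slides' PHP so it runs offline; the table contents and function names are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the slides do not show the table contents.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("1", "pen"), ("2", "ink"), ("3", "pad")])
    return db

def lookup_concat(db, item_id):
    # Slide pattern: the input becomes part of the SQL text itself.
    sql = "SELECT * FROM items WHERE id = '" + item_id + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, item_id):
    # Hardened form: fixed SQL text, input bound as a value by the driver.
    return db.execute("SELECT * FROM items WHERE id = ?", (item_id,)).fetchall()

def compare(item_id):
    """Run both lookups; a SQL error is reported as a string, not raised."""
    db = make_db()
    try:
        concat = lookup_concat(db, item_id)
    except sqlite3.Error as exc:
        concat = "error: %s" % exc
    return concat, lookup_param(db, item_id)

if __name__ == "__main__":
    # One normal id, then the slides' payloads (order by N with N=1 and N=9).
    for value in ["2", "a' or 'a'='a", "a' order by 1-- ", "a' order by 9-- "]:
        print(repr(value), "->", compare(value))
```

With the concatenated query the input changes which rows come back or makes the database raise an error; with the bound parameter every payload is just an id that matches nothing.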

XSS Payload
Cross-site scripting is a type of security vulnerability that can be found in some web applications.

XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Commonly used XSS payloads
No  Payload                         Description
1   "/>                             To break the HTML element
2   <h1>Hacked</h1>                 Check supported element
3   <script>alert('test')</script>  Test JS injection
4   document.cookie                 Hijack cookie
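
An added example, not part of the original deck, showing what output encoding does to the markup payloads in the table above. The page template and helper names are hypothetical; the check parses the rendered HTML and confirms the input is still seen as data.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical template: the same input lands in an attribute and a text node.
TEMPLATE = '<form><input name="q" value="{q}"></form><p>Results for {q}</p>'

def render_raw(q):
    return TEMPLATE.format(q=q)

def render_escaped(q):
    # Encodes & < > " ' so the value cannot close the attribute or open a tag.
    return TEMPLATE.format(q=escape(q, quote=True))

class Collector(HTMLParser):
    """Records what a parser sees: tag names, the input's value, the text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.value, self.text = [], None, ""

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

    def handle_data(self, data):
        self.text += data

def stays_data(render, payload):
    """True when the payload round-trips as plain data and adds no markup."""
    seen = Collector()
    seen.feed(render(payload))
    seen.close()
    return (seen.tags == ["form", "input", "p"]
            and seen.value == payload
            and seen.text == "Results for " + payload)

# Markup payloads from the slide's table.
PAYLOADS = ['"/>', "<h1>Hacked</h1>", "<script>alert('test')</script>"]

def report():
    # payload -> (unescaped output is safe?, escaped output is safe?)
    return {p: (stays_data(render_raw, p), stays_data(render_escaped, p))
            for p in PAYLOADS}
```

This encoding covers HTML text and quoted attribute values only; input placed inside a script block, a URL or a style needs the encoding for that context.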

Web Directory Listing
A directory listing vulnerability means that
the webserver lists the contents of its
directories, allowing the attacker to easily
browse all the files within the affected
directories.

A directory listing check can be done without automation tools, but for a large web application, automation tools can be very efficient.

Cross Site Request Forgery (CSRF)

CSRF is a method that hackers use to make requests from an unknown source, which can lead to spam, brute-force and DDoS attacks.

These attacks can be prevented by implementing a unique request token to avoid requests from unknown sources.

CSRF – Spam / DDoS Attack
1. Hacker makes a normal request to get server information.
2. Server replies with an HTML form without a secure token.

CSRF – Brute Force
1. Hacker makes a normal request to get server information.
2. Server replies with a login form without a secure token.
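
The unique request token described above, as an added example that is not part of the original deck: the server embeds a fresh random token in each form it serves and accepts a POST only when that token comes back for the same session. The in-memory session store, field name and form are assumptions made for the example.

```python
import hmac
import secrets

SESSIONS = {}  # session id -> pending token (stand-in for a real session store)

def render_form(session_id):
    """Issue a fresh token, remember it server-side, embed it in the form."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    form = ('<form method="post" action="/comment">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<textarea name="body"></textarea></form>' % token)
    return form, token

def handle_post(session_id, fields):
    """Return an HTTP status: 200 only when the token matches this session."""
    expected = SESSIONS.pop(session_id, None)  # each issued token is single use
    supplied = fields.get("csrf_token", "")
    if expected is None:
        return 403
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    return 200

def demo():
    results = []
    _, token_a = render_form("session-A")
    results.append(handle_post("session-A", {"csrf_token": token_a, "body": "hi"}))
    # Replaying the same token: it was consumed by the first request.
    results.append(handle_post("session-A", {"csrf_token": token_a, "body": "hi"}))
    # A request that never loaded the form carries no token.
    render_form("session-A")
    results.append(handle_post("session-A", {"body": "hi"}))
    # A token issued to a different session is not accepted.
    _, token_b = render_form("session-B")
    render_form("session-A")
    results.append(handle_post("session-A", {"csrf_token": token_b}))
    return results

if __name__ == "__main__":
    print(demo())
```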

Server-Side Request Forgery (SSRF)

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure.
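
One way to check a destination before the server fetches it, as an added example that is not part of the original deck: only http and https are accepted, and the host must resolve to public addresses only. The host names, addresses and the injectable resolver are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolve(host):
    """Default resolver: every address the name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_destination(url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    literal = parse_ip(host)
    try:
        addrs = [literal] if literal is not None else [parse_ip(a) for a in resolve(host)]
    except OSError:
        return False, "host does not resolve"
    # Loopback, private, link-local and reserved ranges all fail is_global.
    if not addrs or any(a is None or not a.is_global for a in addrs):
        return False, "resolves to a non-public address"
    return True, "ok"

# Constructed DNS data so the example runs offline.
FAKE_DNS = {"images.example.com": {"93.184.216.34"},
            "intranet.example.com": {"10.0.0.5"}}

def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError("no such host")
    return FAKE_DNS[host]

def demo():
    urls = ["https://images.example.com/logo.png", "http://intranet.example.com/admin",
            "http://127.0.0.1:8080/", "http://[::1]/", "file:///etc/hostname",
            "http://unknown.example.com/"]
    return [check_destination(u, fake_resolve)[0] for u in urls]
```

The fetch itself must connect to the address that was checked and apply the same check to every redirect, otherwise a name that resolves differently on the second lookup passes the check and still reaches an internal service.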

Local File Inclusion (LFI)

Local File Inclusion is an attack technique in which attackers trick a web application into either running or exposing files on a web server.

LFI attacks can expose sensitive information, and in severe cases, they can lead to cross-site scripting (XSS) and remote code execution.
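
A guard for a page-include parameter, as an added example that is not part of the original deck: the requested name is resolved to its real path and served only if it is a file inside the intended directory. The directory layout and file names are constructed for the example.

```python
import os
import tempfile

def resolve_page(base_dir, name):
    """Return the real path of `name` inside base_dir, or None if it escapes."""
    if "\0" in name:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks before the check.
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        return None
    return target if os.path.isfile(target) else None

def demo():
    """Build a constructed directory tree and test several requested names."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        outside = os.path.join(root, "config.ini")
        for path, body in [(os.path.join(pages, "home.html"), "home"),
                           (outside, "secret")]:
            with open(path, "w") as fh:
                fh.write(body)
        # A link inside the page directory that points outside it.
        os.symlink(outside, os.path.join(pages, "link.html"))
        names = ["home.html",       # legitimate page
                 "../config.ini",   # relative path leaving the directory
                 outside,           # absolute path
                 "link.html",       # symlink to a file outside
                 "missing.html"]    # no such file
        return [resolve_page(pages, n) is not None for n in names]

if __name__ == "__main__":
    print(demo())
```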

Session Hijacking
The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain
unauthorized access to the Web Server.

For a non-encrypted HTTP connection, a hacker can steal user cookie data via an XSS attack (or other client-side attack), and then the hacker can hijack the user's account.

Broken Access Control (BAC)
Broken access controls are a commonly
encountered and often critical security
vulnerability.

Design and management of access controls is a complex and dynamic problem that applies business, organizational, and legal constraints to a technical implementation.

Access control design decisions have to be made by humans, not technology, and the potential for errors is high.

End of slide…

Thank You!

+60 18-782 4900


[email protected]
https://myopecs.info/
