How to Hack Computers
A Guide to Hacking Computers for Beginners
Contents
Chapter 11 – Web-Based Vulnerabilities
1. SQL and SQLi Attacks
2. Cross-Site Scripting Techniques (XSS)
3. XSS Details and Web Browsers
4. Ways to Prevent SQLi and XSS
In Summary
Chapter 11 – Web-Based Vulnerabilities
Up until this point, we have been taking a look at how to hack physical devices. Web-based vulnerabilities, on the other hand, are a completely different animal. Instead of snooping around and trying to gain access to physical networks, employing reconnaissance techniques, and then looking for exploits to be used on hosts on the network, web-based vulnerabilities can be exploited through a web browser. There are many types of web-based vulnerabilities, but the two of greatest concern are SQLi (SQL Injection) and XSS (Cross-Site Scripting) attacks. These attacks are such a huge problem because they are carried out very frequently and the Internet is fraught with SQLi and XSS attack opportunities.
To better illustrate the point of how web vulnerabilities can be exploited from people in other countries, let’s consider the WordPress platform. For those of you who don’t know, WordPress is an extremely popular tool used to build websites that has a very intuitive visual interface. WordPress is able to add tons of features to any given website through downloadable code modules called plugins and widgets.
The only problem with these code modules is that you don’t know who created them. To be fair, WordPress does a fine job of keeping the modules that contain malicious code away from their web development platform, but the real problem lies within security. Even the best coders make security mistakes from time to time, but you have no way of knowing how security-conscious the author of your plugin was. As a result, we have seen hackers find exploits in some very popular plugins and take advantage of them. I’m talking about plugins that have been downloaded and installed on websites millions of times.
1. SQL and SQLi Attacks
First we need to begin with a brief description of SQL. SQL (Structured Query Language) is a high level language that is used to communicate with databases. It helps application developers and websites insert, update, and delete information in databases, and some of the queries are extremely powerful. For example, with one SQL command you could add one entry to a database or even delete all of the entries within an entire database.
By and large, external users of a website that utilizes a database don’t have access to the data contained within. If a website is properly secured, there isn’t a way for an attacker to steal data or edit the data in a database. There’s just one problem. Web forms frequently contain design flaws that leave them vulnerable to an SQLi (SQL Injection) attack, whereby a hacker can insert their own malicious code into a database query to disrupt its records. Let’s start with a basic example so you can understand how your data is stored in a backend database when you enter information into a website.
For our example, let’s pretend that you were browsing the Internet on an ecommerce website and you are interested in purchasing a hard copy book. In order to fulfill your order, you would need to give the e-commerce company a lot of information including your name, street address, zip code, country, phone number, and payment card details. Most likely the website would first require you to create an account with a username and password. You enter all of this data into a form on the website, and that data is then “plugged in” to SQL code running in the background to properly store the data in a database.
Any good developer will first properly sanitize the data you entered, meaning that they will check for characters that don’t belong. For example, if the web form required you to enter your telephone number, a properly sanitizing form would reject the input with an error message if you entered special characters into the field instead of numbers. You simply can’t call the number “867-530(“. The open parenthesis character doesn’t belong in the phone number field, so you wouldn’t be allowed to proceed with the registration process until you enter valid characters.
Using SQL injection techniques against a form that fails to sanitize its input, hackers can do the following:
- Delete sensitive information
- Escalate their privileges in the website
- Create new administrative accounts
- Steal usernames and passwords
- Steal payment card data
- Garner complete control over a database
However, remember that hackers can’t do these things to every database. They can only perform these tasks on websites that are vulnerable to SQLi attacks.
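To make the difference between a vulnerable form and a sanitized one concrete, here is an added example (not code from the book) in Python with an in-memory SQLite table standing in for the e-commerce backend. It contrasts a login lookup that pastes form values into the SQL text with one that uses bound parameters, and adds a whitelist check in the spirit of the chapter’s phone-number example; the table contents and the `users` schema are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed in-memory database standing in for the website's backend.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT, phone TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 's3cret', '867-5309')")
conn.commit()


def lookup_vulnerable(username, password):
    # Form values are pasted straight into the SQL text, so a quote character
    # in the input changes the structure of the query instead of being data.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(username, password):
    # The query text is fixed; the driver binds the values purely as data,
    # so quotes or SQL keywords in the input can never alter the query.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def valid_phone(value):
    # Whitelist check for the phone field: digits, spaces and hyphens only,
    # so an entry such as "867-530(" is rejected before it reaches the query.
    return re.fullmatch(r"[0-9][0-9 -]{5,19}", value) is not None
```

Running both lookups with a password field containing a stray quote and an always-true condition shows the vulnerable version returning a row while the parameterized version returns nothing.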
2. Cross-Site Scripting Techniques (XSS)
If you’re not a techy or you haven’t had any exposure to website design, you probably haven’t heard of XSS before. But XSS attacks aren’t anything new. In fact, they have been used and abused since the 1990s. But the variety of ways that XSS attacks can be performed far outnumbers that of SQLi attacks. For that reason, XSS is a much more flexible technique, and it can be used to inject malicious code into a user’s web browser or even take over a session between a client and a server. To top it all off, a hacker doesn’t need to manually initiate the attack. Instead, it can all be carried out automatically. You would think that because these types of attacks are so old, their use and frequency would be waning, but that just isn’t the case. Because of this, many white hat security professionals view XSS attacks as the bane of their existence. Sadly enough, they can be easily prevented, but too many people fail to take adequate measures to protect themselves.
3. XSS Details and Web Browsers
Web browser technologies have been rapidly accelerating over the past 5 years, and they offer a ton of valuable software that is unprecedented in the Internet age. When you compare them to older browsers such as Netscape, the technologies they offer today seem truly staggering. However, all of the extra features and technologies that have been added to web browsers over the past decade have increased the opportunities for XSS hacks. The flaw all stems from a web browser running a script.
HTML (HyperText Markup Language) is the most popular tool for formatting web content to date. By using tags in the code, HTML is able to change the appearance of data on web sites. The problem is a troublesome tag that allows websites to embed scripts. When your web browser encounters the <SCRIPT> tag in HTML, it will automatically execute the code contained therein. Though this is good because it drastically increases the usefulness of your web browser, it is a pain in the neck for security professionals. What if the script that your browser ran was a giant hunk of malicious code? The end results aren’t too pretty.
To help you better understand how these types of attacks work, let’s use the example of joining a forum. The forum requires you to fill out information about yourself, such as a bio, an avatar, and a screenname. In addition, this forum allows you to view other members’ profiles and even chat with them directly on the forum via private messages. One day, you are browsing through the forum and you see a post by a member that absolutely blows your mind. To further investigate the source of the amazing content, you click on this user’s profile page.
4. Ways to Prevent SQLi and XSS
Fortunately there are a few things people can do to mitigate XSS attacks. First of all, as a web surfer you should be sure that you disable cookies. They are necessary for a few sites, but there are many types of malicious cookies that can be used against you. Don’t make the mistake of becoming too lazy to remember your passwords by relying on cookies to automatically log you in to your favorite sites. This is a huge mistake, and those cookies are low-hanging fruit to a hacker. You would also certainly want to disable Flash cookies, as they have been taken advantage of time and time again to steal information from naïve and innocent users.
From the perspective of a web designer, proper mitigation of XSS attacks begins with sanitizing your data. As they say, an ounce of prevention is worth a pound of cure. If web designers always took appropriate measures to sanitize data then we would see few (if any) XSS attacks at all. Even though it sounds like a simple concept, you would be shocked to learn some of the corporations that have been exploited with an XSS vulnerability. Many of the largest corporations in the world such as Facebook, Google, Twitter, and other mega-corporations have been victimized by these types of attacks because they made a mistake with data sanitization.
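Tying the forum scenario from section 3 to the sanitization advice above, here is an added Python example (not code from the book) that renders a member’s profile page two ways: once by dropping the submitted bio, avatar and screenname straight into the markup, and once by encoding each value for the HTML context it lands in. The profile data is constructed, and the `/static/default-avatar.png` fallback path is an assumption.

```python
import html
from urllib.parse import urlparse

# Constructed profile, standing in for fields another forum member submitted.
PROFILE = {
    "screenname": "cool_user",
    "bio": "I love books <script>alert('xss')</script>",
    "avatar": "javascript:alert(1)",
}

TEMPLATE = '<h1>%s</h1><img src="%s"><p>%s</p>'


def render_vulnerable(profile):
    # Submitted values become part of the page's HTML unchanged, so a
    # <script> tag stored in the bio runs in every visitor's browser.
    return TEMPLATE % (profile["screenname"], profile["avatar"], profile["bio"])


def safe_avatar(url):
    # An attribute needs more than escaping: only http(s) image URLs are
    # accepted, and anything else is replaced by a fixed placeholder image.
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return html.escape(url, quote=True)
    return "/static/default-avatar.png"  # assumed placeholder path


def render_escaped(profile):
    # Text nodes are HTML-escaped so "<" and ">" are displayed, not parsed;
    # the src attribute goes through the scheme check and quote escaping.
    return TEMPLATE % (
        html.escape(profile["screenname"]),
        safe_avatar(profile["avatar"]),
        html.escape(profile["bio"]),
    )
```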
In Summary
When you think of hacking, you probably don’t think of injecting database code into a website via a web form or a script. But these types of hacks are becoming increasingly common. These two techniques are incredibly dangerous because they don’t trigger as many antivirus software or operating system warnings when they occur, allowing an attacker to hack a target without leaving a trace of evidence.