首页 > 代码库 > Vulnerability checks
Vulnerability checks
Cross-site scripting (XSS) is a type ofcomputer securityvulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypassaccess controls such as thesame origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented bySymantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site‘s owner.
session fixation
In computer network security, session fixation attacks attempt toexploit the vulnerability of a system which allows one person to fixate (set) another person‘ssession identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted fromURLs (query string) or POST data.
Bruteforce
A brute force attack can manifest itself in many different ways, but primarily consists in an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with given classes of characters e.g.: alphanumerical, special, case (in)sensitive). Considering a given method, number of tries, efficiency of the system which conducts the attack, and estimated efficiency of the system which is attacked the attacker is able to calculate approximately how long it will take to submit all chosen predetermined values.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application‘s software, for example, when user input is either incorrectly filtered forstring literalescape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attackvector for websites but can be used to attack any type of SQL database.
Path traversal
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system.
This attack can be executed with an external malicious code injected on the path, like theResource Injection attack. To perform this attack it’s not necessary to use a specific tool; attackers typically use a spider/crawler to detect all URLs available.
This attack is also known as “dot-dot-slash”, “directory traversal”, “directory climbing” and “backtracking”.
SSL LoginMost web developers know that if their users enter a username and password to login to a site that isn‘t secured by an SSL certificate, an attacker can see their username and password in plain text. But making a secure login form isn‘t always as simple as it sounds and many large web sites have done it incorrectly. Though it is often misunderstood, there are good ways and bad ways to secure your website‘s login form with SSL.
What are the risks? If an attacker can easily view someone‘s username and password, he can impersonate that user, and do massive damage by buying products, transferring money, reading email, etc. But there is a far more dangerous possibility: Because (ahem, unintelligent) users often use the same password on many sites (using the same password for their bank account as their Facebook account), an attacker can potentially compromise many other accounts. If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn‘t critical (e.g. a forum).
Access to admin PagesURL Redirection
URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly,domain redirection ordomain forwarding is when all pages in a URLdomain are redirected to a different domain, as whenwikipedia.com and wikipedia.net are automatically redirected to wikipedia.org. URL redirection can be used for URL shortening, to prevent broken links when web pages are moved, to allow multiple domain names belonging to the same owner to refer to a singleweb site, to guide navigation into and out of a website, for privacy protection, and for less innocuous purposes such asphishing attacks.
Session Exposed in URL
For example, an airline website might use the following URL: http://example.com/sale/saleitems?jsessionid=2P0OC2JSNDLPSKHCJUN2JV. Users may wish to share information about the sale on that page with their friends, so they email them the link. When the friends follow the link they are unknowingly gaining access to the entire authenticated session, complete with credit card info. solutionNever put the session ID in a URL. Use POST rather than GET.
Vulnerability checks