Web-Exposed Databases and Cross Site Scripting

Web-Exposed Databases and Cross Site Scripting for Cisco CyOps Associate

**Code Injection**

Attackers are able to execute commands on a web server’s OS through a web application that is vulnerable. This might occur if the web application provides input fields to the attacker for entering malicious data. The attacker’s commands are executed through the web application and have the same permissions as the web application. This type of attack is used because often there is insufficient validation of input.

**SQL Injection**

Threat actors use SQL injections to breach the relational database, create malicious SQL queries, and obtain sensitive data from the relational database.

**Cross-Site Scripting**

Where web pages that are executed on the client-side, within their own web browser, are injected with malicious scripts.

Stored (persistant) XSS

This is permanently stored on the infected server and is received by all visitors to the infected page.

**Reflected (non-persistent) XSS**

This only requires that the malicious script is located in a link and visitors must click the infected link to become infected.