20.3. Application Attacks
Injection Attacks
- Simply put: an attacker feeds a program unexpected input that contains commands (SQL, LDAP filter syntax, markup) and the program hands that input to an interpreter, which runs it. The dangerous instruction rides along inside what should have been plain data.
- Why it works: the program builds a query, document or command by concatenating untrusted input, without validating it or escaping it for the context it is used in.
- Impact: theft or modification of sensitive data, corruption of the system, or full control of the host.
- Definition: malicious input supplied through application fields (forms, URL parameters, headers, API bodies).
- Common types:
- SQL Injection
- HTML Injection
- XML Injection
- LDAP Injection
- Cause: poor input validation, and mixing untrusted data with code in one string.
- Defense: input validation, context-appropriate escaping or parameterised APIs, and secure coding.
SQL Injection
An attack where the attacker inserts SQL syntax into a data input (such as a login form) so that the website's database runs it, revealing, changing, or deleting stored information.
Targets the website's back-end database, to steal or tamper with stored data.
Executes on the database server.
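The login-form case from the notes, as an added example (not code from the original page). It uses an in-memory SQLite table with two constructed accounts, shows the concatenated query being bypassed and then used to leak the password column, and shows the parameterised version of the same query ignoring both payloads.

```python
import sqlite3


# Constructed sample database for the demonstration; not real account data.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text by string concatenation, so quote characters in the
    input become part of the query's syntax. Returns the matching rows."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the SQL text is fixed and the values travel
    separately, so whatever the input contains is compared as data and is
    never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


# Payload 1: closes the password literal and appends a condition that is always
# true. AND binds tighter than OR, so the WHERE clause matches every row.
BYPASS = "' OR '1'='1"

# Payload 2: closes the literal and appends a UNION that pulls a different
# column (the password) into the result set the application was going to show.
LEAK = "' UNION SELECT username, password FROM users WHERE '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "anyone", BYPASS))
    print("leak  :", login_vulnerable(db, "anyone", LEAK))
    print("safe  :", login_safe(db, "anyone", BYPASS))
    print("real  :", login_safe(db, "alice", "s3cret"))
```

The fix is not "strip quotes": it is never letting input reach the SQL parser as text. Every mainstream database driver offers placeholders like the `?` above, and ORMs use them underneath.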
HTML Injection
Tricking a website into displaying extra, unwanted content or altering the page layout by putting HTML markup into text fields that the site does not properly check or escape.
Example: submitting `<b>text</b>` so the page renders bold text the site never intended; a more elaborate payload can add fake links or forms.
Usually delivered through an input field rather than the address bar.
Executes in the victim's web browser, not on the server.
XML Injection
Tricking a program that consumes XML (a structured data format) into doing something unintended by adding your own elements, attributes or entities to the data you submit, which the program then parses as part of its own document.
LDAP Injection
Tricking a system that authenticates users or looks up resources in a directory (such as Active Directory or another LDAP server) by inserting filter metacharacters such as `*`, `(` and `)` into your input. This can bypass logins or reveal private user information.
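The three non-SQL injection types above share one root cause: input spliced into a document or filter without being escaped for that context. The following added example (not from the original page; all payloads and the record formats are constructed for illustration) shows each one next to its fix: an HTML comment rendered raw versus escaped, an XML user record where the injected input smuggles in its own `<role>` element and a parser picks it up, and an LDAP login filter where a `*)(` payload rewrites the search so a lenient server evaluates only the first complete filter, which matches every user.

```python
import html
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape


# --- HTML injection: raw markup ends up in the page --------------------------
def render_comment_vulnerable(text):
    return "<p>" + text + "</p>"


def render_comment_safe(text):
    # html.escape turns < > & " ' into entities, so the browser displays the
    # characters instead of interpreting them as tags.
    return "<p>" + html.escape(text, quote=True) + "</p>"


# --- XML injection: raw input closes our element and opens its own -----------
def user_record_vulnerable(name):
    return "<user><name>" + name + "</name><role>user</role></user>"


def user_record_safe(name):
    # Escaping for the XML text context: < > & become entities.
    return "<user><name>" + xml_escape(name) + "</name><role>user</role></user>"


def role_from_record(doc):
    """Parse the record the way a consumer would and read the first <role>."""
    return ET.fromstring(doc).find("role").text


# --- LDAP injection: filter metacharacters change the search -----------------
def ldap_escape(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter: the
    metacharacters * ( ) \\ and NUL become a backslash plus two hex digits."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def login_filter_vulnerable(uid, password):
    return "(&(uid=" + uid + ")(userPassword=" + password + "))"


def login_filter_safe(uid, password):
    return "(&(uid=" + ldap_escape(uid) + ")(userPassword=" + ldap_escape(password) + "))"


# Constructed payloads, one per context.
HTML_PAYLOAD = "<b>I am bold</b>"
XML_PAYLOAD = "alice</name><role>admin</role><name>"
LDAP_PAYLOAD = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    print(render_comment_vulnerable(HTML_PAYLOAD))
    print(render_comment_safe(HTML_PAYLOAD))
    print(role_from_record(user_record_vulnerable(XML_PAYLOAD)))  # admin
    print(role_from_record(user_record_safe(XML_PAYLOAD)))        # user
    print(login_filter_vulnerable(LDAP_PAYLOAD, "x"))
    print(login_filter_safe(LDAP_PAYLOAD, "x"))
```

Note that the same input needs a different escaping routine for each destination; one "sanitize" function applied at the input boundary cannot know which context the value will end up in, which is why escaping belongs at the point of use.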
Buffer Overflow Attack
When an attacker writes more data into a buffer (a fixed-size region of memory) than it can hold, so the excess overwrites adjacent memory such as other variables or a saved return address.
- Goal: change how the application behaves, either by crashing it (denial of service) or by redirecting execution to attacker-controlled code to gain elevated privileges.
- Defense:
- Patch vulnerabilities.
- Use [[DEP]] (Data Execution Prevention).
- Use ASLR (Address Space Layout Randomization).
DEP
Data Execution Prevention
Marks memory regions that hold data, such as the stack and heap, as non-executable, so code an attacker has injected into a data buffer cannot be run from there.
ASLR
Address Space Layout Randomization:
Randomizes where the stack, heap, shared libraries and executable are placed in memory each time a program starts, so an attacker cannot reliably predict the addresses an exploit needs to jump to. DEP and ASLR are meant to work together: DEP forces the attacker to reuse code that is already in the process, and ASLR hides where that code lives.
Replay Attack
A replay attack is when an attacker captures valid data (such as a login request or an authentication token) and re-sends it later to gain unauthorized access. The attacker does not need to know the actual password; a recording of a legitimate exchange is enough.
- It is often classed as a form of Man-in-the-Middle (MitM) attack, because the attacker must first capture traffic on the path between client and server.
- Tools used: network sniffing, ARP poisoning.
- Defense: encryption (e.g. TLS), nonces or timestamps that make each message single-use, session timeouts.
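The nonce defense from the list above, as an added example rather than code from the original page. The shared secret, the 30-second window and the message format are constructed for the demonstration. A naive server that only checks the MAC accepts the captured request again; the protected server rejects the replay by nonce, rejects a late replay by timestamp, and rejects a tampered copy by MAC, all without the attacker ever learning the secret.

```python
import hashlib
import hmac
import os
import time

# Shared secret, constructed for this example (in practice derived from the
# session or TLS keys). The attacker captures traffic but never learns this.
SECRET = b"example-shared-secret"
WINDOW_SECONDS = 30  # how long a message stays valid


def sign(action, ts, nonce):
    body = f"{action}|{ts}|{nonce}".encode()
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()


def make_request(action, now=None, nonce=None):
    """Client side: stamp the message with the time and a fresh random nonce,
    then MAC all three fields so none of them can be altered in transit."""
    ts = int(time.time() if now is None else now)
    nonce = nonce if nonce is not None else os.urandom(16).hex()
    return {"action": action, "ts": ts, "nonce": nonce, "tag": sign(action, ts, nonce)}


def accept_naive(req):
    """Checks only that the MAC is valid. A captured request verifies forever,
    so a replay is accepted: this is the weakness the notes describe."""
    return hmac.compare_digest(sign(req["action"], req["ts"], req["nonce"]), req["tag"])


class Server:
    """Server side with replay protection: timestamp window plus nonce memory."""

    def __init__(self):
        self.seen = {}  # nonce -> ts of first use, pruned once outside the window

    def accept(self, req, now=None):
        now = int(time.time() if now is None else now)
        if not hmac.compare_digest(sign(req["action"], req["ts"], req["nonce"]), req["tag"]):
            return "rejected: bad MAC"
        if abs(now - req["ts"]) > WINDOW_SECONDS:
            return "rejected: stale timestamp"
        # Forget nonces too old to be replayed anyway, so the set stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if req["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[req["nonce"]] = req["ts"]
        return "accepted"


def replay_demo():
    """Run the capture-then-replay sequence and return the verdicts in order."""
    server = Server()
    captured = make_request("transfer 100 to bob", now=1000)  # sniffed by attacker
    tampered = dict(captured, action="transfer 900 to bob")   # MAC no longer matches
    return [
        server.accept(captured, now=1001),  # original delivery
        server.accept(captured, now=1005),  # replay inside the window
        server.accept(captured, now=2000),  # replay long after the window
        server.accept(tampered, now=1002),  # modified copy
        accept_naive(captured),             # MAC-only server would accept it
    ]


if __name__ == "__main__":
    for verdict in replay_demo():
        print(verdict)
```

The timestamp window is what lets the server forget old nonces: without it the "seen" set grows forever, and with it a clock skew larger than the window will reject honest clients, so the window has to be chosen against the clock accuracy you can assume.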
Privilege Escalation
- Privilege Escalation 🔓 = gaining access rights beyond what the account was granted.
#### 🔓 Privilege Escalation (Gaining More Power)
📌 What is it?
- Attackers gain higher-level access than they should have, usually by exploiting a bug or misconfiguration after an initial low-privilege foothold.
📌 Types:
- Vertical Escalation – User → Admin (higher privileges).
- Horizontal Escalation – Same-level user → another user's account (same privileges, someone else's data).
📌 How to prevent?
✅ Apply Least Privilege Access (LPA) – only grant the permissions a role actually needs.
✅ Patch OS & software to fix privilege escalation vulnerabilities.
✅ Monitor user activity for suspicious privilege changes.
- Patch known [[CVE]]s (Common Vulnerabilities and Exposures).
- Use anti-malware with the latest signatures.
- Use DEP & ASLR to block exploit paths.
CSRF
Cross-Site Request Forgery (CSRF)
Other names: XSRF, "Sea Surf".
An attack in which you are tricked into unknowingly sending an unwanted request to a website you are already logged into.
How it works: Imagine you are logged into your online bank. An attacker sends you a deceptive email or a link to another website. When you visit the attacker's site, it secretly contains code (for example a hidden form or image tag) that sends a request to your bank. Because your browser automatically attaches your bank session cookies to that request, the bank treats it as legitimate, even though you never knowingly initiated it.
- Defense:
- Use tokens (anti-forgery tokens) tied to the user's session and required on every state-changing request.
- Verify the Referer or Origin header.
- Log out of sensitive sites when not in use.
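The first two defenses above, as an added example (not code from the original page). The site origin, the token key and the session store are constructed for illustration. It contrasts a transfer handler that trusts the cookie alone, which the forged request passes, with one that checks the Origin/Referer header and a per-session anti-forgery token, which the forged request cannot supply because the attacker's page can neither read the victim's form nor set a matching Origin.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed values for the example: the protected site's origin and a
# server-side key used to derive per-session CSRF tokens.
SITE_ORIGIN = "https://bank.example"
TOKEN_KEY = b"server-side-csrf-key"

# Constructed session store: cookie value -> session id.
SESSIONS = {"cookie-for-victim": "session-42"}


def csrf_token_for(session_id):
    """Derive the anti-forgery token from the session. The server embeds it
    in its own forms and recomputes it on submit; an attacker's page cannot
    read the victim's form, so it cannot supply the right value."""
    return hmac.new(TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(header_value):
    """Compare scheme and host of an Origin or Referer header with the site."""
    if not header_value:
        return False
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_transfer_vulnerable(request):
    """Trusts the session cookie alone. The browser attaches that cookie to
    cross-site requests too, so a forged request goes through."""
    if SESSIONS.get(request.get("cookie")) is None:
        return "401 not logged in"
    return "200 transferred " + request["form"].get("amount", "")


def handle_transfer(request):
    """request = {"cookie": str, "headers": {...}, "form": {...}}.
    Rejects requests from other origins (a missing header is treated as
    cross-origin, the strict choice for state-changing requests) and then
    requires the session's anti-forgery token."""
    session_id = SESSIONS.get(request.get("cookie"))
    if session_id is None:
        return "401 not logged in"
    headers = request.get("headers", {})
    if not same_origin(headers.get("Origin") or headers.get("Referer")):
        return "403 cross-origin request"
    submitted = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(submitted, csrf_token_for(session_id)):
        return "403 missing or wrong CSRF token"
    return "200 transferred " + request["form"].get("amount", "")


def csrf_demo():
    """Constructed requests: one legitimate, one forged by a hidden form on
    https://evil.example, plus two near-misses. Returns each verdict."""
    legit = {
        "cookie": "cookie-for-victim",
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"amount": "10", "csrf_token": csrf_token_for("session-42")},
    }
    forged = {
        "cookie": "cookie-for-victim",            # browser sends it automatically
        "headers": {"Origin": "https://evil.example"},
        "form": {"amount": "9999"},               # no token: attacker cannot read it
    }
    forged_no_origin = dict(forged, headers={})   # header stripped or absent
    wrong_token = dict(legit, form={"amount": "10", "csrf_token": "guess"})
    return {
        "vulnerable/forged": handle_transfer_vulnerable(forged),
        "legit": handle_transfer(legit),
        "forged": handle_transfer(forged),
        "forged_no_origin": handle_transfer(forged_no_origin),
        "wrong_token": handle_transfer(wrong_token),
    }


if __name__ == "__main__":
    for name, verdict in csrf_demo().items():
        print(f"{name}: {verdict}")
```

In a real deployment the same protection is usually layered with the `SameSite` cookie attribute, which stops the browser attaching the session cookie to cross-site requests in the first place; the token check remains the defense that does not depend on browser behaviour.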
Directory Traversal
Tricking a website into serving files it should not, by placing "go up one folder" sequences (such as `../`, or their URL-encoded form `%2e%2e%2f`) in the requested path.
- Impact: attacker reads sensitive files outside the web root (for example configuration files containing credentials).
- Defense:
- Configure the web server securely (run it as a low-privilege user, restrict it to the document root).
- Patch software & sanitize input paths: decode, canonicalize, then check that the result still lies inside the web root.
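The path-sanitizing defense from the last bullet, as an added example rather than code from the original page. The document root `/var/www/html` is assumed and need not exist on disk. The vulnerable resolver shows two separate pitfalls, `../` collapsing past the root and `os.path.join` discarding the root entirely for an absolute input, while the safe resolver decodes once, canonicalizes with `realpath`, and uses a component-aware containment check so that a sibling directory sharing the root's name as a prefix is still rejected.

```python
import os
from urllib.parse import unquote

# Assumed document root for the example; it does not need to exist on disk.
WEB_ROOT = "/var/www/html"


def resolve_vulnerable(requested):
    """Joins the request path onto the document root and normalises it.
    normpath happily collapses ../ so the result can leave the root, and
    os.path.join throws the root away when the input starts with a slash."""
    return os.path.normpath(os.path.join(WEB_ROOT, unquote(requested)))


def resolve_safe(requested):
    """Decode, canonicalise, then check containment. Returns the absolute
    path to serve, or None if the request escapes the document root."""
    decoded = unquote(requested)  # decode exactly once, like the server does
    root = os.path.realpath(WEB_ROOT)
    # lstrip('/') makes every request relative to the root, so an absolute
    # input such as /etc/passwd maps to <root>/etc/passwd instead of /etc/passwd.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath is component-aware: /var/www/html_backup is NOT inside
    # /var/www/html, which a plain startswith() check would get wrong.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths: traversal, encoded traversal, absolute path,
    # sibling-prefix trick, and two benign requests.
    for path in ["../../../etc/passwd", "..%2f..%2f..%2fetc%2fpasswd", "/etc/passwd",
                 "../html_backup/config.php", "images/logo.png", "images/../index.html"]:
        print(f"{path:32} vulnerable={resolve_vulnerable(path)!r:40} safe={resolve_safe(path)!r}")
```

Two caveats a practitioner should carry over: decode the path the same number of times the front-end server does (double-encoded `%252e%252e` survives one decode as a literal directory name and is then harmless, but a second decode would turn it back into `..`), and on Windows also treat `\` as a separator before checking, since `realpath` there accepts both.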