Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1]
Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
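The injection described above happens when untrusted text is concatenated into a page without output encoding. The following is an added example (not code from the original page): a deliberately vulnerable renderer beside a hardened one, using Python's standard-library html.escape. The comment text and the element/attribute templates are constructed for the example.

```python
import html

# Constructed sample: a comment body that carries markup a browser would execute
# if it reached the page unencoded. alert(1) is the conventional harmless probe.
SAMPLE_COMMENT = "<script>alert(1)</script>"


def render_comment_unsafe(comment):
    """Vulnerable: untrusted text is concatenated straight into the HTML body,
    so any tags it contains become part of the page."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment):
    """Hardened for the element-body context: <, > and & are encoded, so the
    browser displays the characters instead of interpreting them as markup."""
    return '<p class="comment">' + html.escape(comment, quote=False) + '</p>'


def render_attr_safe(value):
    """Attribute context: quotes must be encoded as well (quote=True), otherwise a
    value containing a double quote could close the attribute early."""
    return '<input type="text" name="q" value="' + html.escape(value, quote=True) + '">'


def contains_script_tag(fragment):
    """Crude detector used here only to contrast the two renderers."""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))  # the tag survives: vulnerable
    print(render_comment_safe(SAMPLE_COMMENT))    # rendered as visible text
    print(render_attr_safe('"x'))                 # quote encoded as &quot;
```

Encoding is context-specific: the escaper above is correct for element bodies and quoted attributes, but text placed inside a script block, a URL, or a CSS value needs the encoder for that context, and no single filter covers all of them.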
Session fixation
In computer network security, session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.
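Two server-side decisions determine whether a fixation attempt succeeds: whether a SID presented in the URL is honoured at all, and whether the SID is regenerated when the user authenticates. The following added example (not code from the original page) models both with a small in-memory session store; the user table, cookie name and query parameter name are constructed for the example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed user table for the example; a real system stores password hashes.
USERS = {"alice": "correct horse battery staple"}


def check_credentials(username, password):
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}  # sid -> session data

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        """Move the data to a fresh SID and retire the old one."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def sid_from_request(headers, query_string, accept_query_sid):
    """Extract the presented SID. accept_query_sid=True reproduces the weak
    behaviour the text describes: a SID supplied in the URL is honoured."""
    if accept_query_sid:
        qs = parse_qs(query_string)
        if "sid" in qs:
            return qs["sid"][0]
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if "sid" in cookie:
        return cookie["sid"].value
    return None


def login(store, presented_sid, username, password, regenerate_on_login):
    """Authenticate and return the SID the response should set as a cookie."""
    if not check_credentials(username, password):
        raise PermissionError("bad credentials")
    if presented_sid is not None and store.get(presented_sid) is not None:
        sid = presented_sid
    else:
        sid = store.create()
    if regenerate_on_login:
        # The fix: whatever SID the client held before authenticating is discarded.
        sid = store.regenerate(sid)
    store.get(sid)["user"] = username
    return sid


def fixation_scenario(accept_query_sid, regenerate_on_login):
    """True if a SID that was known before login ends up authenticated as the victim."""
    store = SessionStore()
    planted = store.create()  # a valid, unauthenticated SID known to a third party
    # The victim arrives via a link carrying that SID and logs in.
    presented = sid_from_request({}, "sid=" + planted, accept_query_sid)
    login(store, presented, "alice", USERS["alice"], regenerate_on_login)
    session = store.get(planted)
    return session is not None and session["user"] == "alice"
```

Only the combination of accepting URL-supplied SIDs and not regenerating on login is exploitable; either fix alone closes the scenario, and regenerating on every privilege change is the one to rely on because it also covers SIDs planted through other channels.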
Brute force
A brute force attack can manifest itself in many different ways, but primarily consists of an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with given classes of characters, e.g. alphanumeric, special, case (in)sensitive). Given a method, the number of tries, the efficiency of the system which conducts the attack, and the estimated efficiency of the system which is attacked, the attacker is able to calculate approximately how long it will take to submit all chosen predetermined values.
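The estimate the paragraph describes is keyspace divided by achievable rate, where the rate is bounded by whichever side is slower and by any throttling the target enforces. The following added example (not code from the original page) carries that calculation through for the character classes mentioned and for a dictionary with mutations; the request rates and the PIN example are constructed values.

```python
import string

# Character classes from the text; only their sizes matter for the estimate.
CHARSETS = {
    "digits": string.digits,                                                 # 10
    "lower": string.ascii_lowercase,                                         # 26
    "alnum_ci": string.ascii_lowercase + string.digits,                      # 36
    "alnum": string.ascii_letters + string.digits,                           # 62
    "alnum_special": string.ascii_letters + string.digits + string.punctuation,  # 94
}


def keyspace_size(charset_size, min_len, max_len):
    """Candidates for a traditional brute force over every length in [min_len, max_len]."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def dictionary_candidates(word_count, mutations_per_word):
    """A dictionary attack tries each word plus its mutations (capitalised, digit suffix, ...)."""
    return word_count * (1 + mutations_per_word)


def effective_rate(attacker_rps, target_rps, throttle_rps=None):
    """Guesses per second actually achievable: bounded by the slower of the two
    systems and, if the target enforces one, by its rate limit."""
    rate = min(attacker_rps, target_rps)
    if throttle_rps is not None:
        rate = min(rate, throttle_rps)
    return rate


def seconds_to_exhaust(candidates, rate):
    """Worst-case time to submit every candidate at the given rate."""
    return candidates / rate


def describe(seconds):
    """Human-readable duration for a report."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed scenario: 4-digit PIN, attacker sends 500 req/s, server handles 200 req/s.
    pin_space = keyspace_size(len(CHARSETS["digits"]), 4, 4)
    open_rate = effective_rate(500, 200)                 # no throttling: 200/s
    limited_rate = effective_rate(500, 200, throttle_rps=5)  # 5 attempts/s per account
    print("unthrottled:", describe(seconds_to_exhaust(pin_space, open_rate)))
    print("throttled:  ", describe(seconds_to_exhaust(pin_space, limited_rate)))
    print("8-char alphanumeric space:", keyspace_size(62, 1, 8))
```

The same arithmetic is what a defender uses to size a password policy and a lockout or throttling rule: the keyspace is fixed by policy, so the rate limit is the term under the site's control.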
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1]
SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Path traversal
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration and critical system files, limited only by the operating system's access control. The attacker uses "../" sequences to move up to the root directory, thus permitting navigation through the file system.
This attack can be executed with external malicious code injected into the path, like the Resource Injection attack. To perform this attack it's not necessary to use a specific tool; attackers typically use a spider/crawler to detect all URLs available.
This attack is also known as "dot-dot-slash", "directory traversal", "directory climbing" and "backtracking".
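The server-side check that stops this is to normalise the requested path against the web root and refuse anything that lands outside it, after undoing the encoding variations the text alludes to. The following added example (not code from the original page) does that on path strings only, so it runs offline; the web root is a constructed value and a real deployment should also resolve symlinks with os.path.realpath before serving the file.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # constructed root; nothing on disk is touched


def fully_decode(value, limit=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .), bounded so
    pathological input cannot keep the loop busy."""
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def resolve_under_root(root, requested):
    """Return the normalised absolute path for `requested` if it stays inside
    `root`, otherwise None. Pure string processing (posixpath), so the result
    does not depend on what exists on disk."""
    candidate = fully_decode(requested)
    if "\x00" in candidate or "\\" in candidate:
        return None  # NUL truncation and backslash separators are rejected outright
    root = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root, candidate))
    # An absolute `requested` makes join() drop the root; commonpath catches
    # that as well as "../" climbing and "htmlfoo"-style prefix confusion.
    if posixpath.commonpath([root, joined]) != root:
        return None
    return joined


def classify(requested):
    """Label a request for logging or detection: 'ok' or 'traversal'."""
    return "ok" if resolve_under_root(WEB_ROOT, requested) else "traversal"


if __name__ == "__main__":
    for req in ["images/logo.png", "docs/../index.html", "../../etc/passwd",
                "..%2F..%2Fetc%2Fpasswd", "%252e%252e/%252e%252e/etc/passwd", "/etc/passwd"]:
        print(f"{req!r:45} -> {classify(req)}")
```

Rejecting on the normalised result, rather than searching the input for "../", is what makes the check robust to the encoded and mixed variants; a blocklist of patterns is always one variant behind.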
SSL login
Most web developers know that if their users enter a username and password to log in to a site that isn't secured by an SSL certificate, an attacker can see their username and password in plain text. But making a secure login form isn't always as simple as it sounds, and many large web sites have done it incorrectly. Though it is often misunderstood, there are good ways and bad ways to secure your website's login form with SSL.
What are the risks? If an attacker can easily view someone's username and password, he can impersonate that user and do massive damage by buying products, transferring money, reading email, etc. But there is a far more dangerous possibility: because (ahem, unintelligent) users often use the same password on many sites (using the same password for their bank account as their Facebook account), an attacker can potentially compromise many other accounts. If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn't critical (e.g. a forum).
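The "incorrect" arrangements the text refers to are the ones where either the login page itself or the form's submission target is reachable over plain HTTP. The following added example (not code from the original page) is a small audit routine that parses a page's HTML, finds every form containing a password field, resolves its action against the page URL and reports both failure modes; the sample pages and URLs are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormCollector(HTMLParser):
    """Collects each <form>, noting its action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(page_url, html_text):
    """Return a list of findings; an empty list means the login form is served
    over HTTPS and submits to HTTPS."""
    findings = []
    if urlsplit(page_url).scheme.lower() != "https":
        # The form itself can be altered in transit, so a secure action alone is not enough.
        findings.append("login page served over plain http")
    parser = LoginFormCollector()
    parser.feed(html_text)
    for form in parser.forms:
        if not form["has_password"]:
            continue
        target = urljoin(page_url, form["action"])  # empty action means the page URL itself
        if urlsplit(target).scheme.lower() != "https":
            findings.append(f"password form submits to {target} over plain http")
    return findings


# Constructed sample pages.
RELATIVE_ACTION_PAGE = """<html><body>
<form method="post" action="/login">
  <input name="user"><input type="password" name="pass">
</form></body></html>"""

MIXED_PAGE = """<html><body>
<form method="post" action="http://example.com/login">
  <input name="user"><input type="password" name="pass">
</form></body></html>"""


if __name__ == "__main__":
    print(audit_login_page("http://example.com/login", RELATIVE_ACTION_PAGE))
    print(audit_login_page("https://example.com/login", MIXED_PAGE))
    print(audit_login_page("https://example.com/login", RELATIVE_ACTION_PAGE))
```

Serving the page over HTTP but posting to HTTPS is the common half-measure: the credentials are encrypted on the wire, but anyone who can modify the unencrypted page can change where the form posts.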
Access to admin pages
The first possible vulnerability is essentially a configuration issue associated with the Portal Listener and modplsql. When these are installed, the default configuration allows all users access to the Listener and modplsql administration pages.
A second potential vulnerability may occur if customers grant public access to PL/SQL procedures, in particular those which access an Oracle database such as OWA, SYS and DBMS. Since publicly accessible procedures may be accessed through a URL, it may be possible to invoke these procedures through a URL and cause SQL statements to be executed on a back-end Oracle database.
URL redirection
URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address. When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened. Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain, as when wikipedia.com and wikipedia.net are automatically redirected to wikipedia.org. URL redirection can be used for URL shortening, to prevent broken links when web pages are moved, to allow multiple domain names belonging to the same owner to refer to a single web site, to guide navigation into and out of a website, for privacy protection, and for less innocuous purposes such as phishing attacks.
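The phishing use the text mentions arises when a site forwards users to whatever URL a request parameter names (an "open redirect"). The following added example (not code from the original page) is the validation a redirect endpoint should apply before emitting a Location header: accept same-site paths or URLs whose host is on an allowlist, and refuse everything else, including the protocol-relative, userinfo and non-http scheme forms that a naive prefix check misses. The allowlist and hostnames are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}  # constructed allowlist


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for targets that stay on this site: a local absolute path, or an
    http(s) URL whose host is on the allowlist."""
    if not target:
        return False
    target = target.strip()
    if any(ch in target for ch in "\\\r\n\x00"):
        # Browsers treat backslash as a slash; CR/LF would split the Location header.
        return False
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data: and similar schemes never qualify
    if parts.netloc == "":
        # Relative target: accept only a same-site absolute path, never "//host/...".
        return target.startswith("/") and not target.startswith("//")
    # Use .hostname, not .netloc, so "user@host" and ":port" forms are judged by the host alone.
    return parts.hostname in allowed_hosts


def redirect_target(requested, fallback="/"):
    """Value for the Location header: the requested target if safe, else the fallback."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    for t in ["/account", "//evil.example/x", "https://www.example.com/next",
              "https://example.com@evil.example/", "https://example.com.evil.example/"]:
        print(f"{t!r:42} -> {redirect_target(t)}")
```

Falling back to a fixed page rather than rejecting the request keeps legitimate flows working while denying the attacker the one thing the open redirect offered: a trusted domain in the link the victim sees.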
Session exposed in URL
For example, an airline website might use the following URL: http://example.com/sale/saleitems?jsessionid=2P0OC2JSNDLPSKHCJUN2JV. Users may wish to share information about the sale on that page with their friends, so they email them the link. When the friends follow the link they are unknowingly gaining access to the entire authenticated session, complete with credit card info.
Solution: Never put the session ID in a URL. Use POST rather than GET.
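A session ID that travels in the URL also lands in server access logs, browser history and the Referer header of every outbound link, so the exposure can be found after the fact. The following added example (not code from the original page) scans combined-format access-log lines for session identifiers in the query string, in servlet-style path parameters (/path;jsessionid=...) and in the Referer field, redacting the values in its report. The log lines, hosts and IDs are constructed, and the list of parameter names is an assumption to extend per application.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed list of parameter names that commonly carry a session ID.
SESSION_PARAM_NAMES = {"jsessionid", "phpsessid", "aspsessionid", "sessionid", "session_id", "sid"}

# Combined log format: ip ident user [time] "method target proto" status size "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)"'
)

# Constructed sample log; addresses are documentation ranges and the IDs are not real sessions.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /sale/saleitems?jsessionid=2P0OC2JSNDLPSKHCJUN2JV HTTP/1.1" 200 5123 "-"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /account;jsessionid=ABCDEF0123456789 HTTP/1.1" 200 812 "-"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 1023 "https://example.com/sale/saleitems?jsessionid=2P0OC2JSNDLPSKHCJUN2JV"
203.0.113.9 - - [10/Oct/2023:13:57:00 +0000] "GET /about HTTP/1.1" 200 442 "-"
"""


def redact(value):
    """Keep a short prefix so repeated findings can be correlated without copying the secret."""
    return value[:4] + "..." if len(value) > 4 else "..."


def session_ids_in_url(url):
    """Yield (where, name, value) for session IDs in the query string or in
    servlet-style path parameters."""
    parts = urlsplit(url)
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in SESSION_PARAM_NAMES:
            yield "query", name, values[0]
    for segment in parts.path.split(";")[1:]:
        name, _, value = segment.partition("=")
        if name.lower() in SESSION_PARAM_NAMES:
            yield "path", name, value


def find_session_leaks(log_text):
    """Report every request whose URL or Referer carries a session ID."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        sources = [("request", m["target"])]
        if m["referer"] not in ("", "-"):
            sources.append(("referer", m["referer"]))
        for source, url in sources:
            for where, name, value in session_ids_in_url(url):
                findings.append({
                    "ip": m["ip"], "time": m["ts"], "source": source,
                    "where": where, "param": name, "value": redact(value),
                })
    return findings


if __name__ == "__main__":
    for finding in find_session_leaks(SAMPLE_LOG):
        print(finding)
```

A non-empty result from this scan on production logs is the signal that the fix in the text (session ID in a cookie only, never in the URL) has not been applied everywhere; the Referer hits in particular show the ID being handed to whatever page the user navigates to next.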