With this article, we list some of the common web application attacks, impacts, and possible mitigation. In part -3 we are covering the following attacks.
Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user.
Assessor observed that application is not validating contents of the input file being uploaded in the application as banner and responding to the browser for execution which leads to XSS (cross-site scripting).
Impact – A browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
The application must perform validation of all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed. Also filter the content of image files being uploaded to the server.
Any meta-characters should be filtered for, in all input accepting fields, both at the client-side as well as sever-side.
Server-side validation is mandatory. The validation should not attempt to identify active content and remove, filter, or sanitize it. Encoding user supplied output can also defeat XSS vulnerabilities by preventing inserted scripts from being transmitted to users in an executable form.
The application must be configured to filter meta-characters and unexpected characters such as:
Character | Encoding | Character | Encoding | |
< | < or < | ) | ) | |
> | > or > | # | # | |
& | & or & | % | % | |
“ | " or “ | ; | ; | |
‘ | ' or ‘ | + | + | |
( | ( | – | – |
When an application allows some web Pages to be cached in the browser memory and thus they can be accessed even after the user has logged out.
Browsers may store a locally cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTP. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.
The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root.
Alternatively, most web development platforms allow you to control the server’s caching directives from within individual scripts. Ideally, the webserver should return the following HTTP headers in all responses containing sensitive content:
• Cache-control: no-store
• Pragma: no-cache
Also Check Course: Mastery Web Hacking and Penetration Testing Complete Bundle
The values passed in the HTTP Referrer header are not being validated properly. Referrer logging is used to allow websites and web browsers to identify where people are visiting them from, for promotional or security purposes. A referrer is a popular tool to combat CSRF (Cross-Site Request Forgery).
An attacker can leverage this flaw to avoid the logging feature of application. Also, this could lead to successful CSRF and referrer spoofing attacks.
The application should validate the values of HTTP Referrer header properly
If a tampered referrer header request is coming from a valid user session then the session should be invalidated and user should be logged out immediately to avoid CSRF attacks.
It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.
Impact- This attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim.
Mitigation
when the HTTP headers received as the response of HTTP service discloses information about the version of the web server.
An attacker can gain sensitive information about the target via HTTP headers. This information can help the attacker to build a platform for further attacks.
It is recommended that information such as internal IP, underlying technology, versions of OS, web server, or application server should not be disclosed via HTTP response headers.
Set the value of “RemoveServerHeader” to “1”
Binary planting is a general term for an attack where the attacker places a binary file containing malicious code to a local or remote file system in order for a vulnerable application to load and execute it.
Buffer Overflow Protection- compiler-enforced protection, which implements canary values to change the organization of stack-allocated data.
Binary stirring protects against this by randomizing the instruction addresses every time the executable is launched
Code pointer masking enforces “the correct semantics of code pointers” to protect an application.
you can read part 4 HERE.
Also Read
Web Application Attacks – Types, Impact & Mitigation – Part-1
Web Application Attacks – Types, Impact & Mitigation – Part-2
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…
View Comments
Hello, I am Serena and i liked your article alot you really did a great job. The article is Very Interesting and Informative at the same time, thanks for sharing this with us.