 |
In the world of computer security, there are numerous vulnerabilities that can compromise the integrity and security of a system.
In this article, we will examine in detail some of the most common and dangerous vulnerabilities, providing in-depth explanations, practical examples and strategies to prevent them.
Finally, a very useful site to bookmark!
1. SQL Injection (SQLi)
Description: SQL Injection is a type of attack that exploits vulnerabilities in database management systems. This occurs when a web application accepts user input without sanitization, allowing an attacker to inject malicious SQL code. If an application does not properly validate input, a hacker could manipulate SQL queries to access sensitive information or even modify data.
Practical example: Let's imagine a login form with the following code in PHP:
If an attacker enters the following input in the "username" field:
The resulting query will be:
Since '1'='1' is always true, the system will authenticate the attacker without knowing the credentials.
Prevention:
Use parameterized queries and prepared statements to avoid directly inserting user input into queries.
Validate the input with specific filters, accepting only data that conforms to the expected parameters.
Restrict database account privileges so that a user cannot run dangerous queries.
Use Web Application Firewalls (WAF) to detect and block SQL injection attempts.
2. Cross-Site Scripting (XSS)
Description: Cross-Site Scripting (XSS) allows an attacker to inject malicious scripts into web pages viewed by other users. This type of attack uses unsanitized input that is displayed in the victim's browser, allowing them to steal cookies, sessions, or perform other malicious actions.
Practical example: A comment field on a website allows users to enter text. If the application does not properly sanitize the input, an attacker could enter:
If another user views the comment, the script will execute and send the victim's cookies to the attacker, allowing them to steal the session.
Prevention:
Sanitize and validate all user input before displaying it on the site. An effective technique is to use escaping to convert special characters into HTML entities, preventing malicious code execution. For example, in PHP you can use
htmlspecialchars($input, ENT_QUOTES, 'UTF-8')to convert<script>in<script>, thus preventing the insertion of executable code.Use Content Security Policy (CSP) to restrict the execution of unauthorized scripts.
Avoid using innerHTML and opt for safer methods like textContent in JavaScript.
Set HttpOnly and Secure in cookies to prevent JavaScript theft.
3. Clickjacking
Description: Clickjacking is a technique that tricks users into clicking on hidden elements of a web page, such as invisible buttons overlaid on other content. This attack can be exploited to perform unwanted actions without the user noticing.
Practical example: A malicious site may load a bank's money transfer form inside a transparent iframe. The user, believing they are clicking on a harmless link, instead authorizes a fraudulent payment.
Prevention:
Use the X-Frame-Options: DENY header to prevent your site from loading in an iframe.
Implement Content Security Policy (CSP) with the frame-ancestors directive to limit embedding into other pages.
Require explicit confirmations for critical actions like money transfers or changes to settings.
4. Cross-Site Request Forgery (CSRF)
Description: CSRF forces an authenticated user to perform unwanted actions on a website without their consent. This attack exploits the browser's trust in active sessions.
Practical example: An attacker sends an email containing the following code:
If the user is authenticated at example.com, the request will be executed, deleting their account.
Prevention:
Use CSRF tokens in forms and HTTP POST requests.
Set the SameSite=Strict header in cookies to limit automatic sending of cookies between different sites.
Require multi-factor authentication (MFA) for critical operations.
5. Unencrypted Communication
Description: Unencrypted communications can be intercepted by attackers, allowing credentials and sensitive data to be stolen. One of the most common attacks related to this vulnerability is Man-in-the-Middle (MITM), where an attacker places themselves between two communicating parties, intercepting and potentially altering the data being transmitted. This can happen, for example, on unprotected public Wi-Fi networks, where a hacker can sniff traffic and steal sensitive information such as passwords and banking details.
Practical example: A user connects to a public Wi-Fi and enters their credentials into an HTTP site. A hacker on the same network can intercept the data using Wireshark.
Prevention:
Use HTTPS with SSL/TLS certificates.
Disable insecure protocols like TLS 1.0 and 1.1.
Use VPN to secure your connection on public networks.
6. DNS Poisoning
Description: DNS poisoning, also known as DNS cache poisoning, is an attack that alters DNS resolutions to redirect users to malicious websites without their knowledge. This attack relies on the injection of fraudulent data into DNS servers, causing a legitimate domain to point to an IP address controlled by the attacker. Once the user is tricked into visiting the spoofed website, they may be the victim of phishing, credential theft, or malware infection. DNS poisoning can also be used to launch large-scale attacks, preventing users from accessing critical services and spreading disinformation.
Practical example: A user types in example.com, but a poisoned DNS redirects them to a clone site that steals their credentials.
Prevention:
Use DNSSEC to ensure the integrity of DNS responses.
Monitor DNS requests for anomalies.
Use reliable and up-to-date DNS servers.
7. User Enumeration
Description: User Enumeration is a vulnerability that allows attackers to determine if a particular username exists on a system. This can be exploited for brute force attacks or targeted phishing.
Practical example: If a site displays different error messages for existing and non-existing users, an attacker can try different usernames and determine which are valid. For example, in a login form if the username is incorrect, the system should not display the message "Invalid username" as this helps the attacker determine whether a username exists or not by continuing to try until the message disappears.
Prevention:
Use generic error messages.
Implement rate limiting for failed login attempts.
Use CAPTCHA to prevent automated attacks.
8. File Upload Vulnerabilities
Description: Allowing users to upload files without proper checks may allow malicious code to be executed on the server.
Practical example: An attacker uploads a .php file with executable code that allows them to gain remote access to the server.
Prevention:
Restrict the allowed file types.
Store uploaded files in a separate directory without execute permissions.
Use randomized file names to avoid attacks based on predictable paths.
9. Session Fixation
Description: This attack exploits the reuse of existing sessions to authenticate as another user.
Practical example: An attacker manually sets a session cookie for the victim and convinces them to use it. When the victim logs in, the attacker can access their session.
Prevention:
Regenerate session ID after login.
Set session expiration.
Use secure cookies with HttpOnly and Secure.
10. Logging and Monitoring
Description: Poor log and monitoring management can lead to the inadvertent disclosure of sensitive information, making it easier for cyberattacks to occur. If an application provides too specific technical details in error messages or publicly accessible logs, an attacker could use them to find vulnerabilities in the system.
Practical example: An application returns the following error when a user attempts to access a protected resource without authorization:
This message reveals information about the systems being used, helping an attacker plan targeted attacks.
Prevention:
Avoid detailed error messages to the end user.
Protect log files to prevent unauthorized access.
Implement a centralized monitoring system to analyze and detect anomalous login attempts.
Set up automatic alerts for suspicious activity such as multiple failed login attempts.
11. Cross-Site Script Inclusion (XSSI)
Description: Cross-Site Script Inclusion (XSSI) is a vulnerability that allows an attacker to steal sensitive data contained in JavaScript files served from a server. This attack exploits the fact that browsers will execute any JavaScript included in a page without restriction, making it possible to access private information if adequate security measures are not taken.
Practical example: Suppose a web application exposes a JavaScript file containing sensitive configurations:
// config.jsvar apiKey = "1234567890abcdef";var userRole = "admin";
If an attacker manages to include this script in his malicious page, he can access the variables defined within it:
<script src="https://example.com/config.js"></script><script>console.log(apiKey); // Attacker gets "1234567890abcdef"console.log(userRole); // Attacker gets "admin"</script>
Prevention:
Do not include sensitive data in public JavaScript files.
Properly configure HTTP headers, such as X-Content-Type-Options: nosniff, to prevent JSON files from being executed as JavaScript.
Use appropriate authentication and authorization to limit access to sensitive data.
Implement Same-Origin Policy (SOP) to prevent unauthorized access to scripts from other domains.
12. Password Mismanagement
Description: Poor password management can expose users to security breaches. This includes using weak passwords, storing credentials insecurely, and failing to implement password expiration policies.
Practical example: A system saves passwords in clear text in the database:
INSERT INTO users (username, password) VALUES ('user1', 'password123');
If a hacker gains access to the database, he can read the passwords without any protection.
Prevention:
Force the use of complex passwords with minimum length and complexity requirements.
Store passwords securely using strong hashing algorithms like bcrypt or Argon2.
Implement multi-factor authentication (MFA) to reduce the risk of account compromise.
Avoid sending clear text passwords via email or storing credentials in unencrypted text files.
A useful site for further information
To better understand these vulnerabilities and test them in a safe environment, you can visit the site Hacksplaining.
This site offers a wide range of interactive lessons that detail the most common vulnerabilities, showing real-world examples of exploits, and providing hands-on exercises to experiment and learn how to mitigate them.
Each lesson guides you through simulated attacks, explaining the principles behind each threat, and providing practical advice for effective defense. This hands-on approach provides a deep understanding of cyber vulnerabilities and the best strategies for prevention.
Follow me #techelopment
Official site: www.techelopment.it
facebook: Techelopment
instagram: @techelopment
X: techelopment
Bluesky: @techelopment
telegram: @techelopment_channel
whatsapp: Techelopment
youtube: @techelopment
