
19 Expt10

This document discusses an experiment to study SQL injection and cross-site scripting attacks. It provides background on these attacks, how they work, and preventative measures. The experiment implements a web application to demonstrate each attack type and shows exploiting vulnerabilities to retrieve database information.

Uploaded by

bhalaninaman7
Copyright
© © All Rights Reserved

EXPERIMENT 10

CLASS: TE CMPN A ROLL NO. : 19


NAME: REBECCA DIAS PID: 182027

Aim: To study simulation of SQL injection attack and Cross-Site Scripting attack

Tools: Website/Java/Python/PHP/MySQL

Theory:
a) Study XSS attack
● Cross site scripting (XSS) is a common attack vector that injects malicious code into a
vulnerable web application. XSS differs from other web attack vectors (e.g., SQL
injections), in that it does not directly target the application itself. Instead, the users of the
web application are the ones at risk.
● A successful cross site scripting attack can have devastating consequences for an online
business’s reputation and its relationship with its clients.
● Depending on the severity of the attack, user accounts may be compromised, Trojan
horse programs activated and page content modified, misleading users into willingly
surrendering their private data. Finally, session cookies could be revealed, enabling a
perpetrator to impersonate valid users and abuse their private accounts.

Cross site scripting attacks can be broken down into two types: stored and reflected.

● Stored XSS, also known as persistent XSS, is the more damaging of the two. It
occurs when a malicious script is injected directly into a vulnerable web
application.
● Reflected XSS involves the reflecting of a malicious script off of a web
application, onto a user’s browser. The script is embedded into a link, and is only
activated once that link is clicked on.
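The stored and reflected paths described above, with output encoding applied at the point where user data enters the HTML. This is an added example, not part of the original report; the function names, the in-memory comment list and the probe string are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed test input; any markup in user data takes the same path.
PROBE = "<script>alert(1)</script>"

STORED_COMMENTS = []  # stands in for the application's database table


def save_comment(text):
    # Stored path: the value is kept as submitted and rendered later
    # for every visitor who opens the page.
    STORED_COMMENTS.append(text)


def comments_page(encode=True):
    # encode=False reproduces the vulnerable rendering for comparison.
    enc = html.escape if encode else (lambda s: s)
    items = "".join("<li>" + enc(c) + "</li>" for c in STORED_COMMENTS)
    return "<ul>" + items + "</ul>"


def search_page(query, encode=True):
    # Reflected path: the value arrives in the request (for example in a
    # link's query string) and is echoed into this one response.
    enc = html.escape if encode else (lambda s: s)
    return "<p>Results for " + enc(query) + "</p>"


def session_cookie_header(value):
    # HttpOnly keeps the session cookie out of reach of page scripts,
    # which limits the cookie disclosure described in the theory above.
    cookie = SimpleCookie()
    cookie["session"] = value
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie["session"].OutputString()


if __name__ == "__main__":
    save_comment(PROBE)
    print(comments_page(encode=False))  # markup reaches the browser intact
    print(comments_page())              # markup is shown as text
    print(search_page(PROBE))
    print(session_cookie_header("constructed-session-id"))
```

`html.escape` also escapes quotes by default, which is what makes it usable for values placed inside HTML attributes.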

b) How SQL Injection Works.

SQL Injection (SQLi) is a type of injection attack that makes it possible to execute
malicious SQL statements. These statements control a database server behind a web
application. Attackers can use SQL Injection vulnerabilities to bypass application
security measures. They can go around authentication and authorization of a web page or
web application and retrieve the content of the entire SQL database. They can also use
SQL Injection to add, modify, and delete records in the database.
An SQL Injection vulnerability may affect any website or web application that uses an
SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to
gain unauthorized access to your sensitive data: customer information, personal data,
trade secrets, intellectual property, and more.

c) Preventive Measures.

1. Trust no-one: Assume all user-submitted data is evil and validate and sanitize
everything.

2. Don't use dynamic SQL when it can be avoided: use prepared statements,
parameterized queries or stored procedures instead whenever possible.

3. Update and patch: vulnerabilities in applications and databases that hackers can
exploit using SQL injection are regularly discovered, so it's vital to apply patches and
updates as soon as practical.

4. Firewall: Consider a web application firewall (WAF), either software or appliance
based, to help filter out malicious data. A WAF can be particularly useful to provide
some security protection against a particular new vulnerability before a patch is available.

5. Reduce your attack surface: Get rid of any database functionality that you don't need
to prevent a hacker taking advantage of it.

6. Use appropriate privileges: don't connect to your database using an account with
admin-level privileges unless there is some compelling reason to do so.

7. Keep your secrets secret: Assume that your application is not secure and act
accordingly by encrypting or hashing passwords and other confidential data including
connection strings.

8. Don't divulge more information than you need to: hackers can learn a great deal
about database architecture from error messages, so ensure that they display minimal
information. Use the "RemoteOnly" customErrors mode (or equivalent) to display
verbose error messages on the local machine while ensuring that an external hacker gets
nothing more than the fact that his actions resulted in an unhandled error.

9. Don't forget the basics: Change the passwords of application accounts into the
database regularly.

10. Buy better software: Make code writers responsible for checking the code and for
fixing security flaws in custom applications before the software is delivered.

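Measure 2 in practice: the same lookup written with dynamic SQL and with a parameterized query. This is an added example, not code from the original experiment; it uses an in-memory SQLite database as a stand-in for the MySQL back end, and the table contents and function names are constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the lab's users table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (first_name TEXT, last_name TEXT,
                            user TEXT, password TEXT);
        INSERT INTO users VALUES ('Alice', 'Lab', 'alice', 'hash-a'),
                                 ('Bob',   'Lab', 'bob',   'hash-b');
    """)
    return db


def lookup_dynamic(db, username):
    # Vulnerable: the input is pasted into the SQL text, so a quote in it
    # changes the structure of the statement.
    sql = ("SELECT first_name, last_name FROM users WHERE user = '"
           + username + "'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    # Hardened: the statement text is fixed and the input is bound as a
    # value, so it can only ever be compared against the user column.
    sql = "SELECT first_name, last_name FROM users WHERE user = ?"
    return db.execute(sql, (username,)).fetchall()


# Same shape as the report's "'union select user,password from users#"
# input; SQLite uses "--" where MySQL accepts "#" as the comment marker.
LAB_INPUT = "' UNION SELECT user, password FROM users --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_dynamic(db, "alice"))            # normal use
    print(lookup_dynamic(db, LAB_INPUT))          # credential columns leak
    print(lookup_parameterized(db, LAB_INPUT))    # no rows
    try:
        lookup_dynamic(db, "'")                   # lone quote breaks the SQL
    except sqlite3.OperationalError as exc:
        # Measure 8: log this server-side, show the user a generic error.
        print("database error:", exc)
```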
Program:

a) Implement a Web application and demonstrate XSS attack.


b) Implement a web application with back end in MySQL and demonstrate
SQL injection.
Union select
'union select user(),database()#
'union select 1,group_concat(table_name) from information_schema.tables where table_schema='dvwa'#

'union select group_concat(column_name), 2 from information_schema.columns where table_name='users'#

'union select user,password from users#


Order by 1 -- -
Order by 2 -- -

Order by 3 -- -
Order by 4 -- -

Order by 5 -- -
Order by 6 -- -

Union select 1,2,3,4,5-- -


Union select 1,@@version,3,4,5-- -

Union select 1,database(),3,4,5-- -


CONCLUSION:

From this experiment we learnt two new attacks, namely the cross-site scripting attack and the SQL
injection attack. In a cross-site scripting attack, which is client-side code injection, we add malicious
scripts that the website treats as legitimate and get important information, whereas in SQL injection
we execute malicious SQL statements and try to get access to the database. Once we get into
the database we can add, insert, update and delete records too.
