OWASP TOP-10 Vulnerabilities
Assignment-1
Your Name
Student Id
CIS*6670 – Special Topics in Cybersecurity
Assignment-1
Contents
SQL Injection
  Screenshot
  Attack Scenario
Cross Site Scripting (XSS)
  Screenshot
  Attack Scenario
Authentication Vulnerabilities
  Screenshot
  Attack Scenario
OS Command Injection
  Screenshot
  Attack Scenario
Access Control Vulnerabilities and Privilege Escalation
  Screenshot
  Attack Scenario
File Upload Vulnerabilities
  Screenshot
  Attack Scenario
Server-side Request Forgery (SSRF)
  Screenshot
  Attack Scenario
NoSQL Injection
  Screenshot
  Attack Scenario
Cross-site Request Forgery (CSRF)
  Screenshot
  Attack Scenario
Clickjacking (UI redressing)
  Screenshot
  Attack Scenario
1) SQL Injection:
Screenshot:
Attack Scenario:
A financial services organization runs an online platform where clients can view information
about their operations and accounts. The site lets users search their transaction history by
entering keywords. This search feature is susceptible to SQL injection attacks.
Finding the Vulnerability:
An attacker discovers the vulnerability by entering a simple query such as ' OR '1'='1 into the
search bar. The system returns all transaction records, confirming the vulnerability.
Creating the Malicious Query:
The attacker then crafts a more complex SQL injection payload to obtain the information they
need. For example, they use:
'; DROP TABLE users; --
This payload can potentially delete the users table if the input is not sanitized.
Injecting the Payload:
The attacker submits the malicious SQL code through the search bar so that the back-end
database executes the unintended query.
Exploiting the Vulnerability:
Through a successful SQL injection attack, the attacker can gain access to valuable
information, including user login details, account balances, and identification details.
They could also add, amend, or even delete data, greatly hampering the firm's operations.
Targeting the Database:
The attacker can then go after the database itself for more control, possibly a full database
takeover, or keep attacking the infrastructure by leveraging other vulnerabilities in the
system.
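The search in this scenario, modelled with Python's sqlite3 module as an added example (not part of the original assignment): it shows why the first input returns every record when the keyword is concatenated into the SQL text, and how bound parameters reduce both quoted inputs to harmless values. The table layout, column names, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# The two inputs quoted in the scenario above.
PAYLOADS = ["' OR '1'='1", "'; DROP TABLE users; --"]

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY);
        CREATE TABLE transactions (id INTEGER PRIMARY KEY, owner TEXT,
                                   category TEXT, amount REAL);
        INSERT INTO users VALUES ('alice'), ('bob'), ('carol');
        INSERT INTO transactions (owner, category, amount) VALUES
            ('alice', 'rent', -1200.0), ('alice', 'salary', 3000.0),
            ('bob', 'rent', -900.0), ('carol', 'loan', -350.0);
    """)
    return db

def search_vulnerable(db, owner, keyword):
    """Keyword is pasted into the SQL text, so a quote in it rewrites the query."""
    sql = ("SELECT owner, category, amount FROM transactions "
           "WHERE owner = '" + owner + "' AND category = '" + keyword + "'")
    return db.execute(sql).fetchall()

def search_parameterized(db, owner, keyword):
    """Same search with bound parameters: the keyword is only ever a value."""
    sql = ("SELECT owner, category, amount FROM transactions "
           "WHERE owner = ? AND category = ?")
    return db.execute(sql, (owner, keyword)).fetchall()

def users_table_exists(db):
    """Check the schema catalogue to confirm the users table is still present."""
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'users'").fetchone()
    return row[0] == 1

if __name__ == "__main__":
    db = make_db()
    print("normal search:     ", search_vulnerable(db, "alice", "rent"))
    # The WHERE clause becomes: owner = 'alice' AND category = '' OR '1'='1'
    print("vulnerable + quote:", search_vulnerable(db, "alice", PAYLOADS[0]))
    for p in PAYLOADS:
        print("parameterized:     ", search_parameterized(db, "alice", p))
    print("users table intact:", users_table_exists(db))
```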