Module17 (1)

The document discusses three types of cyber attacks: data tampering, phishing, and file upload vulnerabilities. Data tampering involves unauthorized changes to product prices on a website, while phishing exploits human error to gain sensitive information through deceptive emails. File upload vulnerabilities occur when a website allows users to upload files without proper validation, potentially leading to severe security risks, including remote code execution.

Uploaded by

Nilabha sadhu

Data Tampering Attack

Consider a website where you shop online and monitor product costs.
An example of a data tampering attack would be a cunning person
sneaking into the website and altering the prices of products
without authorization. Thus, an attacker may change the price of a
product that was initially $50 to $5 or $500 in an attempt to cause
havoc, deceive customers, or interfere with corporate operations.

To put it another way, it would be similar to someone altering the
prices or amounts of the things on your grocery list before you go
shopping. Usually, the intention is to confuse, obtain an advantage,
or simply make things go wrong.

Phishing Attack

One of the most successful attacks in cyberspace is the phishing
attack. At DefSec, there is a saying: “Humans are the weakest link
in the cyber chain”. You may secure all your stuff, but a mere human
clicking on a malicious link has the potential to destroy all your
security. In a real-world case, an international
enterprise fell victim to a sophisticated phishing attack that had
far-reaching consequences. The incident began with employees
receiving seemingly innocuous emails appearing to originate from a
trusted source within the organization's hierarchy. The emails
contained urgent requests for sensitive information, such as login
credentials and financial data, under the guise of an important
project collaboration. Unbeknownst to the employees, these emails
were carefully crafted by skilled cybercriminals who had thoroughly
researched the organization's structure and communication patterns.
Trusting the legitimacy of the emails, several employees unknowingly
provided the requested information. With access credentials in hand,
the attackers swiftly infiltrated the enterprise's internal systems,
gaining unauthorized access to sensitive databases and confidential
files. The aftermath of the attack was severe, leading to a data
breach that compromised the personal information of clients and
employees. The financial losses were substantial, and the enterprise
faced legal repercussions and damage to its reputation.

This case highlights the need for continuous cybersecurity training
and awareness within organizations to empower employees to recognize
and report phishing attempts. It serves as a stark reminder that
even large enterprises with robust security measures in place can be
vulnerable to social engineering attacks, emphasizing the importance
of a comprehensive and proactive approach to cybersecurity.

File upload vulnerability

Assume you run a sophisticated online photo-sharing business where
users can submit images to be shared with others. Let's now assume
that there is a small bug on the website that lets users submit
files other than photos. This flaw is like a sneaky back door that
could let in things it shouldn't.

For instance, suppose you are filling in a job application and the
portal asks for your resume. Ideally, the document should be in
.docx or .pdf format; the same applies to any website asking for an
image. But if the server accepts files of other formats as well,
let’s say the format in which the backend code is written, this
leads to many security vulnerabilities and threats, even up to
remote code execution (RCE).

Vulnerabilities related to file uploads occur when a web server
permits users to upload files to its filesystem without properly
verifying attributes such as filename, type, contents, or size. If
these limitations are not appropriately enforced, even a simple
picture upload feature may be used to upload arbitrary and
potentially harmful files. This can even include server-side script
files that enable remote code execution.

How do file upload vulnerabilities arise?

It is rare for websites to be completely unrestricted in terms of
what files users can submit, given the rather obvious risks.
Developers more often than not implement what they think is rigorous
validation, which is either readily circumvented or has intrinsic
flaws.

For instance, they may try to add harmful file types to a blacklist
yet overlook parsing errors when examining the file extensions. It's
also easy to unintentionally omit more obscure file types that could
still be harmful, just like with any blacklist.

In other situations, the website might try to check the file type by
verifying attributes that are easily modified by an attacker with
tools like Burp Proxy or Repeater.

In the end, even strong validation procedures might be implemented
unevenly throughout the network of hosts and directories that make
up the website, leading to disparities that could be taken advantage
of.

Let us look at an example.

As you may see, there is an image upload feature here. We won’t
discuss how to identify the backend technology, as you should
already be familiar with that from the reconnaissance phase.

We capture the request in Burp Suite by clicking on the upload
button and then send the request to Intruder. We find that the
request has a filename field along with the file type. We are going
to check what file types are allowed.

As the above image shows, we try to upload a jpg file.

It is uploaded successfully. If we catch the request in Burp Suite,
we can see the allowed file type.

The allowed Content-Type is image/jpeg.

Now let’s try to upload a PHP file, which might contain our payload
for RCE. But we can’t upload it.

If we look at the request, we can see that the content type is
application/octet-stream.

Now let’s change this to the allowed content type, which is
“image/jpeg”, and see what happens.

Then we send the request through the browser.

As we can see, we have successfully uploaded the PHP file and
bypassed the file upload security, because the Content-Type value
is supplied by the client. Now we open the PHP file.

So, if we had sent an RCE payload instead of hello world, it would
work just as well and result in RCE.

Mitigation

• Whitelisting file types: put in place an allow-list so that the
  application accepts only files with permitted extensions.
• Limits on file names: to stop injection attacks, once a file has
  been uploaded, remove any potentially harmful characters, such as
  special and Unicode characters. To stop directory path attacks,
  renaming the uploaded file is also advised.
• Use reliable validation frameworks to verify file uploads, closing
  any vulnerabilities that attackers could otherwise exploit.
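
An added example, not part of the original document or of the tested site's code: the check that trusts the Content-Type header, as bypassed in the walkthrough, beside a stricter check that applies the mitigations above (extension allow-list, content check, server-side renaming). The function names, the size limit and the sample uploads are assumptions made for illustration.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example
# Allow-list: permitted extension -> magic bytes the content must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def weak_check(filename, content_type, data):
    """The check bypassed in the walkthrough: trusts the client-sent header."""
    return content_type == "image/jpeg"

def safe_store_name(filename, content_type, data):
    """Return a server-generated file name for an acceptable upload, else None.

    content_type is deliberately ignored because the client controls it.
    """
    if not data or len(data) > MAX_BYTES:
        return None  # empty or oversized upload
    # Discard any directory part the client supplied, then take the final
    # extension, lower-cased so "PHOTO.JPG" and "photo.jpg" are treated alike.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        return None  # extension is not on the allow-list
    if not data.startswith(signatures):
        return None  # content does not match the claimed image type
    # Rename: the stored name contains no client-chosen characters.
    return secrets.token_hex(16) + ext

# Constructed sample uploads (filename, Content-Type, body); not captured traffic.
PHP_AS_JPEG = ("hello.php", "image/jpeg", b"<?php echo 'hello world'; ?>")
PHP_NAMED_JPG = ("hello.jpg", "image/jpeg", b"<?php echo 'hello world'; ?>")
REAL_JPEG = ("../holiday/CAT.JPG", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)

if __name__ == "__main__":
    for upload in (PHP_AS_JPEG, PHP_NAMED_JPG, REAL_JPEG):
        print(upload[0], "weak:", weak_check(*upload),
              "strict:", safe_store_name(*upload))
```

A magic-byte check only confirms how the file starts, so storing uploads under the generated name in a location the web server does not execute scripts from remains a further safeguard.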
