Security Testing - SQL Injection and XSS-1

The document discusses SQL Injection and Cross-Site Scripting (XSS) as types of security vulnerabilities. It provides examples of each attack method, highlighting how attackers can exploit unsanitized inputs to manipulate databases or execute malicious scripts. The importance of input sanitization and output encoding is emphasized to prevent these attacks.

18/12/2022, 13:55 Box Notes

Security Testing - SQL Injection and XSS (Cross Site Scripting)

SQL injection is a type of attack that involves inserting malicious code into an application's SQL
statements in order to gain access to or manipulate sensitive data.

Here are some examples of SQL injection attacks:

1. Unsanitized input: An attacker could enter malicious input into a form field that is later used
in an SQL query without proper sanitization. For example, an attacker could enter the
following input into a login form:

username: ' OR '1'='1
password: ' OR '1'='1

This would result in the following SQL query being executed:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '' OR '1'='1';

The query would return all rows from the users table, allowing the attacker to log in without a
valid username or password.

2. Union-based injection: An attacker could use the UNION operator in an SQL injection attack
to combine the results of multiple SELECT statements and retrieve sensitive data from
multiple tables. For example, an attacker could enter the following input into a search form:

search: ' UNION SELECT username, password FROM users WHERE '1'='1

This would result in the following SQL query being executed:

https://naveenautomationlabs.app.box.com/notes/1093806675369 1/6

SELECT * FROM products WHERE product_name LIKE '%' UNION SELECT username, password FROM users WHERE '1'='1%';

The query would return the username and password of all users in the system, allowing the
attacker to gain unauthorized access to user accounts.

====================================================

Cross-site scripting (XSS) is a type of attack that involves injecting malicious code (usually in
the form of a script) into a web page in order to execute arbitrary actions on behalf of the user.

Here are some examples of XSS attacks:

1. Reflected XSS: An attacker could send a link to a victim that includes a malicious script in
the URL parameters. When the victim clicks on the link, the script is executed by the victim's
browser. For example, an attacker could send a link like the following:

http://example.com/search?q=<script>alert('XSS')</script>

When the victim clicks on the link, the script would be executed and an alert message would be
displayed.

2. Stored XSS: An attacker could inject a malicious script into a web page that is stored on the
server and executed every time the page is loaded. For example, an attacker could leave a
comment on a blog post that includes a malicious script, which is then stored in the
database and displayed on the page whenever it is loaded.

3. DOM-based XSS: An attacker could modify the Document Object Model (DOM) of a web
page in order to execute a malicious script. For example, an attacker could inject a script into
the DOM using a URL parameter or form input that is then executed by the victim's browser.

It is important to properly sanitize user input and properly encode output in order to prevent
these types of attacks.

========================================================

Here are some more examples of SQL injections:


1. A simple example of SQL injection is when a user is asked to enter their username and
password to log into a website. If the user enters the following as their username:

admin' --

The resulting SQL query that is run on the server might look like this:

SELECT * FROM users WHERE username = 'admin' --' AND password = 'password';

The -- at the end of the injected string comments out the rest of the query, allowing the attacker
to log in as the administrator without knowing the correct password.

2. Another example of SQL injection is when a user is asked to enter their search query on a
website. If the user enters the following as their search query:

'; DROP TABLE users;--

The resulting SQL query that is run on the server might look like this:

SELECT * FROM products WHERE name LIKE '%'; DROP TABLE users;--%';

This would delete the entire users table, potentially causing significant data loss.

3. An attacker might try to insert a malicious piece of code into a form field on a website that is
intended to accept a numeric value. For example, if the website is vulnerable to SQL
injection, the attacker might enter the following code into the form field:

-1 OR 1=1

The resulting SQL query that is run on the server might look like this:

SELECT * FROM products WHERE id = -1 OR 1=1;

This query would return all rows in the products table, potentially revealing sensitive data to the
attacker.

4. An attacker might try to modify the structure of a database by injecting code that adds a
new column to a table. For example, the attacker might enter the following code into a form
field:

'; ALTER TABLE users ADD COLUMN password_hash VARCHAR(255);--

The resulting SQL query that is run on the server might look like this:

SELECT * FROM users WHERE username = ''; ALTER TABLE users ADD COLUMN password_hash VARCHAR(255);--';

This query would add a new column called "password_hash" to the users table, potentially
allowing the attacker to capture and store the password hashes of all users on the website.
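As an added example (not part of the original notes), the following Python script builds a constructed in-memory SQLite users table and runs the two login payloads shown in the notes above (the ' OR '1'='1 tautology and the admin' -- comment-out) through a string-concatenated query and through a parameterized one. The table contents and helper names are my own; the point is that parameter binding treats the input as data, so the quotes and comment marker are never parsed as SQL.

```python
import sqlite3

# Constructed demo database; the users table mirrors the one in the notes.
# A real system stores a password hash, never the password itself.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "wonderland"), ("bob", "builder")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the statement by concatenation: the input becomes part of the SQL text."""
    sql = (
        "SELECT id, username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Binds the input through placeholders, so it can only ever match a literal value."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# The two login payloads from the notes, as constructed (username, password) inputs.
TAUTOLOGY = ("' OR '1'='1", "' OR '1'='1")
COMMENT_OUT = ("admin' --", "wrong-password")


def compare(payload: tuple) -> dict:
    """Runs one payload through both implementations on a fresh database."""
    conn = build_db()
    return {
        "vulnerable": login_vulnerable(conn, *payload),
        "parameterized": login_parameterized(conn, *payload),
    }


if __name__ == "__main__":
    for name, payload in (("tautology", TAUTOLOGY), ("comment-out", COMMENT_OUT)):
        print(name, compare(payload))
```

The vulnerable path returns every user for the tautology and the admin row for the comment-out payload, while the parameterized path returns no rows for either.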

========================================================================

Here are some more examples of XSS (Cross-Site Scripting):

1. A simple example of XSS is when a user is asked to enter their name on a website, and they
enter the following as their name:

<script>alert('XSS Attack!');</script>

If the website does not properly sanitize this input, the script will be executed and an alert box
will pop up for all users who visit the page where the name is displayed.

2. Another example of XSS is when an attacker creates a link that appears legitimate, but
includes a script that is executed when the link is clicked. For example, the attacker might
create a link that looks like this:

http://www.legitimate-website-blahblah.com/<script>alert('XSS Attack!');</script>
If a user clicks on this link, the script will be executed and an alert box will pop up.

3. An attacker might try to inject a malicious script into a website that steals sensitive
information from users. For example, the attacker might inject a script that captures the
user's login credentials and sends them to a remote server controlled by the attacker.

4. An attacker might try to inject a script that causes a website to display a fake login form,
tricking users into entering their login credentials. The script could then capture these
credentials and send them to the attacker.

5. An attacker might try to inject a script that causes a website to display a fake error message,
tricking users into believing that something is wrong with the website. The script could then
perform a variety of malicious actions, such as redirecting the user to a different website or
downloading a malicious file onto the user's computer.
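As an added example (not the author's code), this Python snippet renders the name payload and the reflected search parameter from the notes into a small HTML template with and without output encoding, which is the "properly encode output" step the notes call for. The template, the helper names and the crude script-tag check are my own; html.escape is the standard-library encoder.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample inputs: the stored-name payload and the reflected-search URL from the notes.
NAME_PAYLOAD = "<script>alert('XSS Attack!');</script>"
SEARCH_URL = "http://example.com/search?q=<script>alert('XSS')</script>"

# Hypothetical page fragment that echoes the name in a text context and an attribute context.
PAGE_TEMPLATE = '<p>Hello, {name}!</p>\n<input type="text" value="{name}">'


def render_vulnerable(name: str) -> str:
    """Interpolates raw user input into the HTML: the input becomes markup."""
    return PAGE_TEMPLATE.format(name=name)


def render_encoded(name: str) -> str:
    """Encodes the input before interpolating it. quote=True also escapes " and ',
    which is what keeps the value="..." attribute from being broken out of."""
    return PAGE_TEMPLATE.format(name=html.escape(name, quote=True))


def reflected_query(url: str) -> str:
    """Extracts the q parameter the way a search page would before echoing it back."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def contains_script_tag(rendered: str) -> bool:
    """Demo check only: did a <script tag survive into the rendered HTML?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for value in (NAME_PAYLOAD, reflected_query(SEARCH_URL)):
        print("raw     :", contains_script_tag(render_vulnerable(value)))
        print("encoded :", contains_script_tag(render_encoded(value)))
        print(render_encoded(value))
```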

=======================================


List of some common types of SQL injection attacks:

1. Tautology attacks: These attacks use logic statements that are always true, such as "1=1", to
bypass authentication or authorization checks.
2. Union attacks: These attacks use the UNION operator to combine the results of multiple
SELECT statements, potentially allowing an attacker to access data that they are not
authorized to view.
3. Error-based attacks: These attacks rely on the injection of code that causes an error to be
returned by the database, revealing information about the database structure or data.
4. Blind attacks: These attacks use code that does not produce an immediate result, but allows
the attacker to infer the results of their injected code through a series of true/false
responses.
5. Time-based attacks: These attacks use code that causes a delay in the execution of a SQL
statement, allowing the attacker to infer information about the database based on the
length of the delay.
6. Inference attacks: These attacks use code that allows the attacker to infer information about
the database through the manipulation of query results.
7. Out-of-band attacks: These attacks use code that causes the database to send data to an
external server controlled by the attacker, potentially revealing sensitive information.

List of some common types of XSS attacks, along with examples:

1. Reflected XSS: This type of attack occurs when an attacker injects a script into a website
through a URL or form input, and the script is executed when the user visits the website. For
example, an attacker might create a link that appears legitimate, but includes a script that is
executed when the link is clicked. The link might look like this:
http://www.legitimate-website-blahblah.com/<script>alert('XSS Attack!');</script>
If a user clicks on this link, the script will be executed and an alert box will pop up.

2. Stored XSS: This type of attack occurs when an attacker injects a script into a website, and
the script is stored and executed every time a user visits the website. For example, an
attacker might post a message on a forum that includes a script, which is then stored in the
forum's database. Every time a user views the forum, the script will be executed.
3. DOM-based XSS: This type of attack occurs when an attacker manipulates the Document
Object Model (DOM) of a website in a way that causes a script to be executed. For example,
an attacker might manipulate the DOM of a website to cause a script to be executed when a
user moves their mouse over a certain element on the page.
4. Persistent XSS: This type of attack is a variant of stored XSS, in which the injected script is
stored and executed every time a user visits the website, even if the user does not interact
with the injected element.

5. Non-persistent XSS: This type of attack is a variant of reflected XSS, in which the injected
script is executed only once, when the user interacts with the injected element.

It's important to note that both SQL injection and XSS attacks can be used to perform a wide
range of malicious actions, including stealing sensitive data, altering or deleting data, and
manipulating the behavior of a website. These are just a few simple examples to give you an idea
of how these types of attacks work.

Thanks for reading!


Naveen Khunteta [Naveen Automation Labs]
https://www.linkedin.com/in/naveenkhunteta/