Server Side Vulnerabilities

Last updated 1 year ago

SQL injection (SQLi)

SQL injection (SQLi) is a critical web security vulnerability that enables attackers to manipulate the database queries made by an application. This allows them to access unauthorized data, potentially compromising user privacy and application integrity. Attackers can also modify or delete data, leading to persistent changes in the application. In severe cases, SQLi can be used to compromise the server or launch denial-of-service attacks.

Impact of SQL Injections:

  1. Data Manipulation: Attackers can tamper with existing data, potentially altering, deleting, or inserting new records.

  2. Identity Spoofing: Attackers can gain unauthorized access by pretending to be someone else, potentially leading to unauthorized transactions and actions.

  3. Data Disclosure: Entire databases can be exposed, leading to theft of sensitive information like user details, financial records, personal messages, etc.

  4. Data Destruction: Databases can be destroyed or rendered unavailable, disrupting business operations and causing financial losses.

  5. Admin Rights: Attackers can potentially gain administrative rights to the database server, giving them unrestricted access and control.

SQL Injection (SQLi) Example for Web Login

Context:

Imagine a website where users log in with their username and password. The website queries a database to verify these credentials.

Normal Query:

The application might use SQL like:

SELECT * FROM users WHERE username='INPUT_USERNAME' AND password='INPUT_PASSWORD';

Where INPUT_USERNAME and INPUT_PASSWORD are replaced by what the user enters.

SQLi Attack:

An attacker enters:

Username: admin' --
Password: [anything]

Resulting in the SQL:

SELECT * FROM users WHERE username='admin' --' AND password='[anything]';

The -- starts a comment in SQL, so everything after it on that line is ignored. The password check is dropped from the query and the attacker is authenticated as 'admin' without knowing the password.

Consequences:

  1. Unauthorized Access: Attacker logs in as an admin without knowing the password.

  2. Potential Data Breach: The attacker can exploit further vulnerabilities.

Explanation:

The application directly uses user input in SQL, allowing query manipulation.

Prevention:

  • Use parameterized queries or prepared statements.

  • Avoid directly adding user input into SQL queries.

  • Utilize web application firewalls and security audits.

For more examples, see: https://portswigger.net/web-security/sql-injection#sql-injection-examples

Server-side request forgery (SSRF)

Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location.

In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems. This could leak sensitive data, such as authorization credentials.

Impact of SSRF (Server-Side Request Forgery) Attacks

  1. Unauthorized Access: SSRF attacks can bypass access controls, potentially leading to unauthorized actions or data access within internal systems.

  2. Data Exfiltration: Sensitive data from the server or connected backend systems can be accessed, which may include personal, credential, or confidential information.

  3. Internal Probing: SSRF can be utilized to map internal networks, discover services on other machines, and identify further vulnerabilities within an internal network.

  4. Arbitrary Command Execution: Some SSRF vulnerabilities may lead to remote code execution, allowing attackers to run arbitrary commands on the server or related systems.

  5. Secondary Attacks: The server can be manipulated to make requests to external systems, leading to secondary attacks that appear to come from the organization itself.

  6. Denial of Service: SSRF attacks can result in service overload, potentially leading to denial of service for internal services.

  7. Cross-site Scripting (XSS): If SSRF responses are reflected back to the client, it could be exploited for XSS attacks.

Mitigation Strategies

  • Validate and sanitize all user inputs.

  • Minimize exposure of internal services.

  • Implement network segmentation and firewall rules to restrict internal network access.
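One way to apply the first two mitigations in code: before the server fetches a user-supplied URL, restrict the scheme, allowlist the destination host, and reject any hostname that resolves to a non-public address. This is an added example, not code from the course; ALLOWED_HOSTS and the fake resolver used in the demo are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of hosts the application legitimately fetches from.
ALLOWED_HOSTS = {"images.example.com", "api.partner.example"}


def default_resolve(host):
    """Return every address the name resolves to; all of them must be checked."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal(ip_text):
    """True for loopback, private, link-local, CGNAT and other non-global ranges."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    return not ip.is_global


def validate_outbound_url(url, resolve=default_resolve):
    """Return (ok, reason); ok is True only for an allowlisted, public target."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    try:
        addrs = resolve(host)
    except (socket.gaierror, KeyError):
        return False, "name resolution failed"
    for addr in addrs:
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}"
    # Caveat: DNS can change between this check and the connect (rebinding);
    # connect to the validated address rather than re-resolving the name,
    # and do not follow redirects without re-validating their target.
    return True, "ok"
```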

Resources

  • https://portswigger.net/web-security/sql-injection

  • https://owasp.org/www-community/attacks/SQL_Injection

  • https://book.hacktricks.xyz/pentesting-web/sql-injection

  • https://portswigger.net/web-security/ssrf