Injection Attacks
Injection attacks occur when an application does not properly validate user-supplied input and then includes that input blindly in further processing.
SQL Injection
An attacker is able to execute arbitrary SQL requests.
how bad?
- can be used to probe database schema
- can be used to steal database data
- can be used to add/change/destroy database data
solution
- limited privileges for the application's database user
- sanitize input
- escape for SQL
- prepared statements
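Added example (not part of the original notes): the same lookup written once with string splicing and once as a prepared statement, run against a constructed in-memory SQLite table. The tautology input makes the spliced version return every row, while the bound parameter is treated as a plain literal and matches nothing.

```python
import sqlite3


def make_db():
    # Constructed sample data: a small users table in an in-memory database.
    # (SQLite has no per-user privileges, so the least-privilege point of the
    # notes above is not demonstrated here; only escaping vs. binding is.)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_email_vulnerable(conn, name):
    # Input is spliced straight into the SQL text: the database cannot tell
    # which part of the string is the query and which part is data.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_email_safe(conn, name):
    # Prepared statement: the SQL text is fixed and the value is bound
    # separately, so whatever the user typed is always a literal string.
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"
    print(find_email_vulnerable(conn, tautology))  # both rows leak
    print(find_email_safe(conn, tautology))        # [] - no user has that literal name
```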
JavaScript Hijacking
JavaScript Hijacking allows an unauthorized attacker to read confidential data from a vulnerable application using a technique similar to the one commonly used to create mashups.
JavaScript Hijacking allows an attacker to bypass the Same Origin Policy in the case that a Web application uses JavaScript to communicate confidential information.
Any data transport format where messages can be interpreted as one or more valid JavaScript statements is vulnerable to JavaScript Hijacking.
e.g. a JSON array is directly vulnerable to JavaScript Hijacking
- if a Web application transfers confidential data using messages written in JavaScript, in some cases the messages can be read by an attacker.
AJAX Security
Google Hacking
Search Worms
Bypassing the Same-Origin policy
JSON with Padding (JSONP) is a way to bypass the same-origin policy by using JSON in combination with the <script> tag.
Ajax Proxy
Browser Extensions and Plugins