Type of attacks disuccsion

serverAttacks.md

1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
2. What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
3. What is SQL injection? and what is the attacker’s intention from it?
4. Consider the below SQL command, where is the vulnerability? think about some ways an attacker can misuse it:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

5. What does End-to-End encryption means? Share an example of an well-known app using E2EE, how is that app using it?

Team members : Mohamad Karbejha - Jafar bino - Reem Bino

1- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
CSRF is a web security attack where a user is tricked into unknowingly performing actions on a trusted website. Attackers exploit the automatic inclusion of session cookies in HTTP requests, using the victim's authenticated credentials. It's called the "one-click attack" because a single click can trigger the unauthorized action.

2- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?

An XSS attack, or Cross-Site Scripting attack, is a type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into content from otherwise trusted websites. This malicious content is then delivered to a user's browser, where it can execute with the privileges of the trusted context, potentially stealing data or performing actions on behalf of the user without their consent.

The connection between XSS attacks and cookies/sessions is significant because one of the primary goals of an XSS attack is often to steal session cookies. If an attacker can obtain a user’s session cookie via an XSS attack, they can potentially hijack the user's current session, gaining unauthorized access to their account on the application.

There are two main categories of XSS:
Stored XSS (Persistent XSS): This occurs when the malicious script is permanently stored on the target server, such as in a database, message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when they request the stored information.

Reflected XSS (Non-Persistent XSS): This happens when the malicious script is reflected off a web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an email message, or a malicious website link.

3- What is SQL injection? and what is the attacker’s intention from it?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. It allows an attacker to interfere with the queries that an application makes to its database.

The attacker's intentions from an SQL injection can vary, but typically include:
Data Theft: Extracting sensitive data from the database, such as personal information, financial details, or proprietary data.

Data Loss or Corruption: Deleting records or entire tables, or changing data without authorization, which could corrupt the data or make the application unreliable or unusable.

Bypassing Authentication: Modifying the logic of SQL queries to bypass security checks, allowing for unauthorized access to the system.
Privilege Escalation: Gaining elevated access to restricted areas of the application or executing commands with higher privileges than that of the current user.

Attacking Other Systems: Using the compromised database server to mount attacks on other systems within the network.

Database Server Compromise: In some cases, SQL injection can lead to the attacker gaining administrative rights on the database server, allowing them to execute commands on the host operating system.

4-Consider the below SQL command, where is the vulnerability? think about some ways an attacker can misuse it:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

The vulnerability in the provided SQL command is that it directly uses input from the user (username and password) in constructing a SQL query without any form of input validation, sanitization, or prepared statements/parameterized queries. This practice makes the code susceptible to SQL injection attacks.

Here's how an attacker might misuse this:

Injecting Malicious SQL Code: An attacker could enter a username or password that includes SQL code. For example, a username input like admin';-- could lead to SQL code that comments out the rest of the SQL command and grants access without a valid password.

Bypassing Authentication: By crafting input that alters the SQL logic, an attacker may bypass authentication. If they know a username, they could use an input like ' OR '1'='1 which would always evaluate to true, potentially giving them access to that user's account.
Exfiltrating Data: More complex injections could be used to change the nature of the query to return sensitive data from the database.

Database Schema Discovery: An attacker could use injections to discover the structure of the database, information about tables, columns, and other database schema information, which could be used for further attacks.

Database Administration Commands: If the database permissions are not correctly set, an attacker might execute administrative commands against the database, leading to data loss or corruption.
To prevent SQL injection attacks, developers should:

Always use parameterized queries or prepared statements instead of string concatenation to create SQL queries.
Apply input validation and whitelisting to ensure only permitted characters are processed.
Employ ORM (Object Relational Mapping) tools that abstract SQL code and use parameterized queries by design.
Minimize the privileges of the database account that the application uses to connect to the SQL server.
Utilize web application firewalls and security tools that can detect and block SQL injection attempts.

5-What does End-to-End encryption means? Share an example of an well-known app using E2EE, how is that app using it?
End-to-End encryption (E2EE) is a security measure that ensures that messages or data being transmitted can only be accessed and read by the sender and the intended recipient. In other words, no one in between, including the service provider, can access or decipher the content of the message.
A well-known app that uses E2EE is WhatsApp. When you send a message on WhatsApp, it gets encrypted on your device using a unique encryption key. The encrypted message is then sent to the recipient's device, where it can only be decrypted and read using the recipient's encryption key. This means that even WhatsApp itself cannot read the message while it's in transit.
Example: Let's say you are having a conversation with a friend on WhatsApp. When you send a message, the content of that message is converted into a complex code that is meaningless to anyone who intercepts it. This encrypted message is securely transmitted to WhatsApp's servers. When your friend receives the message, it is decrypted using their encryption key and they can read the original content.
By using E2EE, WhatsApp ensures that your messages are protected and private. The only people who can access and read your messages are you and your intended recipients.

Team Members: Lin, Mohammad Alemarieh, Muna Al-Haj Eid, Mohamad Alchehabi

Q1) Cross-site request forgery is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows the attacker tricks a user's browser into making an unintentional and unauthorized request to a web application on which the user is authenticated. The CSRF depends on three keys one of them is Cookie-based session handling, which performing the action involves issuing one or more HTTP requests, and the application relies solely on session cookies to identify the user who has made the requests. There is no other mechanism in place for tracking sessions or validating user requests.
It is called a "one-click attack," which refers to the fact that the victim is tricked into triggering the malicious action with just one click.

Q2) Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages, often targeting cookies or sessions. Two main categories are Stored XSS (persistent) and Reflected XSS (non-persistent).

Q3) SQL injection is a code injection technique used to modify or retrieve data from SQL databases. It is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. By inserting specialized SQL statements into an entry field, an attacker is able to execute commands that allow for the retrieval of data from the database, the destruction of sensitive data, or other manipulative behaviors.

Q4) The vulnerability in the given SQL command is SQL injection. An attacker can misuse it by providing specially crafted input to manipulate the query, potentially leading to unauthorized access or data manipulation. To mitigate this, parameterized queries or prepared statements should be used.

Q5) End-to-end encryption (E2EE) is a secure communication method that ensures only the sender and the intended recipient can access the contents of a message or file. It is a widely used method for securing data by making it unreadable to anyone who doesn’t have the decryption key.
WhatsApp, Telegram & Signal are a well-known messaging app that uses E2EE to secure its users’ conversations. When a user sends a message, it is encrypted on their device using a unique key that only the intended recipient can decrypt (known as a public key).

Room2 <Najwan Abu Shawareb - lina abumahfood - Yassin Aji - Ahmad juma>

Q1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
CSRF (Cross-Site Request Forgery) is a web security attack where an attacker tricks a user's browser into making unauthorized requests on a different site where the user is authenticated. It works by exploiting the automatic inclusion of authentication cookies in HTTP requests. It's called a "one-click attack" because a victim can be tricked with just a single click on a malicious link or button. To mitigate CSRF, developers use anti-CSRF tokens to validate the legitimacy of requests.

Q2.What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
XSS (Cross-Site Scripting) is a web security vulnerability where attackers inject malicious scripts into web pages viewed by other users. It can compromise cookies and sessions. Two main categories are:

Stored XSS: The script is permanently stored on the server.
Reflected XSS: Script is temporarily included in URLs or input fields, reflected to users.

Q3.What is SQL injection? and what is the attacker’s intention from it?
SQL injection is a security vulnerability where attackers inject malicious SQL code into input fields to manipulate and exploit a web application's database. The intention is to gain unauthorized access, retrieve or manipulate data, and potentially disrupt the application.

Q4.Consider the below SQL command, where is the vulnerability? think about some ways an attacker can misuse it:
The vulnerability in the provided SQL command is SQL injection. An attacker can misuse it to bypass authentication, disclose information, or attempt a denial of service attack by manipulating the username and password inputs. To prevent this, use parameterized queries or prepared statements.

Q5.What does End-to-End encryption mean? Share an example of a well-known app using E2EE, how is that app using it?
that only the sender and the receiver can read the messages, examples: signal and WhatsApp use E2EE for all chats by default

team member : Raneem , Ahmed mash, Malak jabr , abdalrhmn rizk

Q1:

Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. (Conversely, cross-site scripting (XSS) attacks exploit the trust a user has in a particular Web application). A CSRF attack exploits a vulnerability in a Web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent.
works>>>

• Submitting or deleting a record.
• Submitting a transaction.
• Purchasing a product.
• Changing a password.
• Sending a message.
  Use of HTTP Requests: CSRF attacks manipulate users into submitting a request to a web application where they are already authenticated. For example, if a user is logged into their bank's website and then clicks on a malicious link, the malicious link can generate an HTTP request (such as a GET or POST request) to the bank's server. Since the user is already authenticated, the bank's server might execute the request without realizing it's malicious.

One-Click Attack: It's called a "one-click attack" because it generally requires only one action from the victim, such as clicking a link. This link triggers an HTTP request to the target site, leveraging the user's authenticated session. The simplicity of the attack is what makes it dangerous; users might not even realize they've initiated a harmful action.

Q2:

Cross-Site Scripting (XSS) is one of the dangerous assaults experienced while modifying an organization's or user's information.
two main categories of XSS:
1-Stored XSS (Persistent XSS)
2-Reflected XSS (Non-Persistent XSS)
The connection between xss attack and cookies/sessions:
The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account
This article suggests a comprehensive approach to detect and defend against XSS (Cross-Site Scripting) attacks using a blend of machine learning and deep learning techniques. It combines Naive Bayes (NB), Support Vector Machine (SVM), and k-Nearest Neighbors (k-NN) from machine learning, along with Recurrent Neural Networks (RNN), Convolutional Neural Networks (CNN), and Long Short-Term Memory (LSTM) networks from deep learning. This method, known as "hybrid stacking," is integrated with web applications for enhanced efficiency and accuracy.

Q3:

SQL injection is a type of cyber attack where malicious code is inserted into a SQL query, allowing the attacker to manipulate or extract data from a database.
The attacker's intention is usually to gain unauthorized access to a system, retrieve sensitive information, modify or delete data, or perform other malicious actions within a database.
This occurs when a web application does not properly validate or sanitize user input, enabling attackers to inject SQL code and exploit vulnerabilities in the system.

Q5:

End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another.
In E2EE, the data is encrypted on the sender's system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker or any other entity or service.
Examples : Facebook, WhatsApp and Zoom
In messaging services and email, E2EE ensures that the message contents remain encrypted from the sender’s device until it reaches the receiver’s device, thereby protecting the privacy of the communication from service providers, advertisers and hackers.

Room 12: Baraa

A.1. Cross-Site Request Forgery (CSRF), commonly known as a one-click attack, is a web security vulnerability. It tricks a user's browser into performing unauthorized actions on a trusted website by exploiting the user's existing authenticated session. In simple terms, an attacker sends a hidden request using your logged-in session, and when you click a link, the website, thinking it's you, executes hidden actions, potentially causing significant harm with just one click.
A.2. XSS injects malicious scripts into trusted websites, exploiting your cookies and session data. There are two main types:
Reflected: Your own input gets weaponized against you.
Stored: Hidden scripts lurk on compromised pages, attacking any visitor.
A.3. SQL injection is a cyberattack where malicious SQL code is injected into a web application's inputs. The goal is to compromise the database, enabling unauthorized data access, modification, or command execution. Prevention involves input validation and secure database practices.
A.4. The vulnerability in the provided SQL command is due to the direct insertion of user inputs (username and password) without proper validation.
A.5. E2EE ensures that data is securely transmitted and only accessible by the sender and intended recipient. WhatsApp employs E2EE by generating cryptographic keys on users' devices, exchanging keys, and encrypting messages. This guarantees that even WhatsApp cannot access the content, providing a high level of privacy and security.

Team Hakimah, Abdullah, Feda
Q1: CSRF: Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. For example, this might be to change the email address on their account,
Part 2- The malicious site contains a script or code that sends a request to a different website (the target site) on which the victim is authenticated. Because the victim is already authenticated on the target site, the browser automatically includes the necessary authentication cookies with the malicious request. Part 3 : because the attack typically requires only a single click on a malicious link or interaction with a compromised webpage.

Q2-Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. The connection between XSS attacks and cookies/sessions lies in the fact that once an attacker successfully injects malicious scripts into a webpage and a user's browser executes those scripts, the attacker can potentially access and manipulate cookies or session data associated with that particular website. And what are the two main categories of XSS?
1-((Persistent XSS): the malicious script is permanently stored on the target server,
2- Non-Persistent XSS:the malicious script is embedded in a URL or another input field

Q3-SQL injection : is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. allows an attacker to interfere with the queries that an application makes to its database. Part 2 : This can lead to unauthorized access to the database, exposure of sensitive information, manipulation of data.

Q4- There is no type of validation input parameters(username and password), can lead to SQL injection

Q5-is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another. App: Facebook, WhatsApp how they using it :
WhatsApp's end-to-end encryption (E2EE) is built on the Signal Protocol, designed by Open Whisper Systems. This protocol ensures that when you send messages, photos, or videos to someone, everything is locked in a secure encryption box, and only the intended recipient has the keys to open it.

Room : Osama , Hammam , Farah Arar , Farah alsoqi

Q1 : Cross-Site Request Forgery (CSRF) attack is that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

• HTTP requests The browser automatically sends the HTTP request to the target website, using the victim's authenticated session cookie , CSRF tokens can protect all request types except for GET, HEAD and OPTIONS requests.
  -The term "one-click attack" is used to describe CSRF attacks because, from the victim's perspective, the attack can be executed with a single click.

---

Q2 :
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website
-the malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. Session Hijacking: XSS can lead to taking over an active user session, enabling attackers to do things on behalf of the victim.
-XSS attacks can be generally categorized into two main types: non-persistent (reflected) and persistent (stored).

---

Q3:
SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass security measures of applications and use SQL queries to modify, add, update, or delete records in a database , to manipulate a database and gain access to potentially valuable information.

---

Q4 :

The provided SQL command is vulnerable to SQL injection. An attacker could manipulate the input values to execute unauthorized SQL queries, potentially leading to unauthorized access or data manipulation. To prevent this, use parameterized queries or prepared statements to properly handle user input in SQL commands , The vulnerability lies in the direct inclusion of user-provided values (username and password) into the SQL query string without proper sanitization or parameterization. An attacker can exploit this vulnerability by manipulating the input values in such a way that the resulting SQL query behaves unexpectedly.

-The vulnerability in the given SQL command is due to the direct inclusion of user inputs (username and password) without proper validation. This makes it susceptible to SQL injection.

---

Q5 :
End-to-end encryption is a security method that keeps your communications secure , lets give an example : Alice wants to send Bob an encrypted message. She uses Bob's public key to encrypt her message to him. Then, when Bob receives the message, he uses his private key on his device to decrypt the message from Alice.

from room 12 ( hasan)

Q1) is a vulnerability found in web applications that lets a third party attacker perform sensitive actions on a user’s behalf. The exploitation of this bug can target normal users as well as site administrators, sometimes leading to a full compromise of a website
__

__

Q2) is a cyberattack in which a hacker enters malicious code into a web form or web application url. This malicious code, written in a scripting language like JavaScript or PHP, can do anything from vandalizing the website you’re trying to load to stealing your passwords or other login credentials.
__
__ Types of XSS: Stored XSS, Reflected XSS

Q3) SQL injection is a code injection technique that might destroy your database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web page input.

___ is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database.

Q5)Data encryption is the process of using an algorithm that transforms standard text characters into an unreadable format. To explain, this process uses encryption keys to scramble data so that only authorized users can read it. End-to-end encryption uses this same process, too. However, it takes it a step farther by securing communications from one endpoint to another.

___ Whatsapp

Room 3: Noor Alari, Ramah Madi, Rama Alzeer, Momena Salloum.

Q1. CSRF( Cross-Site Request Forgery ), is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. also known as one-click attack or session riding, is application in which they're currently authenticated a type of cyber attack that forces an end user to execute unwanted actions on a web.

it is to force the user to submit a state-changing request. Examples include:
• Submitting or deleting a record.
• Submitting a transaction.
• Purchasing a product.
• Changing a password.
• Sending a message.

using http request by:
• Authentication and Session Cookies:
o When a user logs into a web application, the server sends back a session cookie to the user's browser.
o This session cookie is then automatically included in subsequent requests to the same domain, authenticating the user.
• Malicious Link or Content:
o An attacker creates a malicious link, often embedded in a website, email, or another communication.
o The link leads to a request that performs an action on a target web application where the victim is already authenticated.
• Automatic Inclusion of Cookies:
o When the victim clicks on the malicious link, their browser automatically includes the session cookie associated with the target web application.
• Unauthorized Action:
o The malicious request is sent from the victim's browser, and the web application, trusting the request because it contains a valid session cookie, processes the request as if it came from the legitimate user.

"one-click attack" because the attack can be initiated with a single click on a seemingly harmless link. The victim might not be aware that they are triggering an action on a different site, and the attack can occur without any explicit user action beyond visiting a malicious page.
note: using SSL does not prevent a CSRF attack, because the malicious site can send an "https://" request.

Q2. XSS Attack (Cross-Site Scripting):
In simple terms, XSS is like a sneaky trick that bad guys use to mess with websites you visit. They inject harmful code, like secret commands, into the websites. When you open the compromised website, this code runs in your browser, and the bad guys can steal your info or do things on the website pretending to be you.

Connection Between XSS and Cookies/Sessions:
Imagine your online session is like a special key that lets you access a website without logging in every time. If bad guys use XSS, they can steal that key (cookie) or use it to pretend to be you, doing things you didn't ask for on a website.

Two Main Categories of XSS:

1. Stored XSS (Persistent XSS):
   Example: Bad guys write a secret code in a comment on a website. When others read that comment, the code runs in their browsers, causing trouble.

2. Reflected XSS:
   Example: Bad guys send you a special link. When you click it, the harmful code in the link runs in your browser, doing things it shouldn't.

Q3. SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. SQL injection attacks harness the power of code for malicious purposes, this can allow an attacker to view data that they are not normally able to retrieve, usually by infiltrating the backend of an application or webpage to view, alter, or delete information. This might include sensitive company data, valuable assets, or customer details.

Q4. The vulnerable part of the code:
let strQry = SELECT Count(*) FROM Users WHERE username=${username} AND password=${password};

An attacker can exploit this vulnerability by manipulating the input values, for example by providing a malicious input for the username or password fields. For instance, if an attacker sets the username input to something like ' OR '1'='1' -- and sets the password input to an empty string, the resulting query would look like:
SELECT Count(*) FROM Users WHERE username='' OR '1'='1' -- AND password='';
In this case, the double hyphen (--) is used to comment out the rest of the query, making it possible for an attacker to bypass the password check and potentially gain unauthorized access.

Q5. End-to-end encryption (E2EE) is a secure communication method that prevents third parties from accessing data while it is being transferred from one end system or device to another. In E2EE, only the communicating users can read the messages, and no one in between, not even the provider of the communication service, can access the plaintext communication.

An example of a well-known app using E2EE is WhatsApp. WhatsApp uses the Signal Protocol, which is an open-source encryption protocol developed by Open Whisper Systems. When a user sends a message on WhatsApp, it is encrypted on the sender's device and can only be decrypted on the recipient's device. This ensures that the message content remains private and secure, even if the message is intercepted during transmission.

ROOM 8 : Lubna Abdelkhaleq // Nour Kayyali // Mahmoud Rumaneh // Ala'a Nusairat

Q1: Cross-site request forgery, alternatively referred to as session riding or one-click attack, represents a web security flaw enabling a malicious actor to manipulate users into executing unintended actions. This vulnerability provides an avenue for the attacker to bypass elements of the same origin policy, a protective measure aimed at preventing various websites from disrupting each other's functionality.

How It Uses HTTP Requests:
Attacker Crafts a Malicious Request:
The attacker creates a malicious link or form that, when triggered, sends a request to a vulnerable web application.
This request is designed to perform an unauthorized action on the victim's behalf.
Victim's Browser Sends Request Unknowingly:
The attacker tricks the victim into visiting the malicious link or submitting the form.
The victim's browser automatically includes any authentication cookies associated with the vulnerable web application in the request.
Application Executes Action:
The web application, unable to distinguish between a legitimate request from the user and the forged request, executes the action as if it came from the authenticated user. // it is a type of cyber attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. // In a CSRF, or "one-click attack," the attacker manipulates a user into unknowingly executing actions on a website where they are authenticated. With just a single click on a malicious link or content, the attacker can leverage the user's existing authentication to perform actions on the targeted site, exploiting the trust between the user and the website.

Q2: Cross-Site Scripting (XSS) attacks involve injecting harmful scripts into trusted websites. Attackers exploit vulnerabilities in web applications that fail to validate or encode user input. By tricking users into executing these scripts, attackers can access sensitive information stored by the user's browser, such as cookies or session tokens. // XSS attacks can steal cookie data by reading or modifying the malicious script injected into the website. // non-persistent (reflected) and persistent (stored).

Non-persistent (Reflected) XSS:
Reflected XSS involves the immediate execution of a malicious script, often delivered through manipulated URLs or form inputs. The web application instantly reflects the injected script back to the user's browser, posing a transient threat.

Persistent (Stored) XSS:
Stored XSS presents a persistent risk as the injected malicious script is permanently saved on the target server. Every time users access a specific page or resource containing the stored script, it is retrieved and executed from the server, impacting multiple users over an extended period.

Q3: SQL injection is a type of hack where bad actors sneak malicious code into a website's database by manipulating user inputs. This allows them to do unauthorized things, like accessing or messing with data. To prevent it, developers need to use secure coding practices. // the essence of a SQL injection attack: injecting malicious SQL code to manipulate the logic of a query. In real-world scenarios, attackers can exploit such vulnerabilities for unauthorized access, data manipulation, or other malicious activities.

Q4: In the given SQL command, the vulnerability lies in directly injecting user inputs into the query without proper validation. An attacker can exploit this by providing malicious input to manipulate the query.

For example, an attacker might input the following:

Username: ' OR '1'='1'; --
Password: ' OR '1'='1'; --
This would result in a manipulated query:

SELECT Count(*) FROM Users WHERE username='' OR '1'='1'; -- AND password='' OR '1'='1'; --
With this, the attacker can bypass the login check because the conditions '1'='1' always evaluate to true, granting unauthorized access.

Q5: End-to-end encryption is a security method that keeps your communications secure. With end-to-end encryption, no one, including Google and third parties, can read eligible messages as they travel between your phone and the phone you message. // WhatsApp is a popular messaging app that uses end-to-end encryption to protect user messages, voice calls, and video calls. E2EE on WhatsApp relies on the Signal Protocol, an open-source encryption method developed by Open Whisper Systems.

How Does E2EE Work?

1.Key Generation: Each user's device generates a unique pair of 2.keys: a public key and a private key.
Key Exchange: The public keys are shared with others to initiate secure communication.
3.Message Encryption: The sender's device encrypts messages using the recipient's public key.
4.Decryption: Only the recipient's device, which holds the corresponding private key, can decrypt the messages.

mohmmad smadi , Gorgees Odisho , Mohamad Sheikh Alshabab , Hayder Abu -Al-Hummos

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering, an attacker may trick the users of a web application into executing actions of the attacker’s choosing, The attack takes advantage of the browser includes the user's authentication credentials with every request to the targeted site like when user try to log in, while his request get to the server the attacher or the hacker can implement the request. Man in the middle Is how CSRF can exploit when a user logs into a website, the server typically issues a session cookie to the user. This cookie is stored by the user's browser and is sent automatically with every subsequent request to the same domain. the reason why it's called a one click attack is: the victim typically needs to perform just one action, such as clicking on a link or visiting a malicious website, to unintentionally initiate an attack.

Q2:
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker’s chosen code on the user’s system. As a result, the attacker can steal the user’s active session cookie. One of the primary goals of XSS attacks is to steal user authentication tokens or session cookies and attacks can be used to fixate a user's session, where an attacker sets or manipulates the user's session ID

1. Stored XSS (Persistent):

   • Scripts are permanently stored on the server.
   • Executed when users visit a specific page.
   • Impact can last across multiple sessions.

2. Reflected XSS (Non-Persistent):

   • Scripts are embedded in URLs or form inputs.
   • Executed when users interact with a crafted link or form.
   • Typically a one-time event; the script is not stored on the server.

Q3:
a code-based vulnerability that allows an attacker to read and access sensitive data from the database

Q4 :
this the the vulnerable part: (username=${username} AND password=${password}`;),
a way the attackers can misuse it is by: classic SQL injection in which an attacker could input a specially crafted value for the username or password parameter to manipulate the SQL query

Q5:
End2End is basically where whatever is outputted from the server goes out encrypted, and all the way until it reaches the end user, only then is it decrypted. WhatsApp, Before a message ever leaves your device, it's secured with a cryptographic lock, and only the recipient has the keys the keys change with every single message that's sent

Room 11 : Dana Maraqa, Musab Sakhreyah, Aya Abu Al Hummos, Sanad Al Shobaki,

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.CSRF attacks exploit the trust a Web application has in an authenticated user. by using HTTP requests to deceive the victim's browser into sending forged request to a target site where the victim is authenticated.

it is called one-click attack because it usually takes one click on a malicious link or a visit to a malicious website for the attack to initiate.

Q2:
An XSS (Cross-Site Scripting) attack occurs when an attacker injects malicious scripts into content from a trusted website, which then gets executed in the victim's browser.The connection between XSS and cookies/sessions is that attackers often use XSS to steal session cookies or tokens. By injecting scripts that send the user's cookies to the attacker, they can hijack the user's session and impersonate them.

XSS Categories : Stored (persistent): The malicious script is permanently stored on the target server
Reflected(Non-persistent):The malicious script is included in a request sent to the server,and the server includes it in the response.

Q3:

• SQL injection is a type of cyber attack that occurs when an attacker inserts or manipulates malicious SQL code into input fields of a web application
• The goal of SQL injection is to trick the application into executing unintended SQL queries, which can lead to unauthorized access, data manipulation, and potentially full control of the database

Q4-
The SQL command is vulnerable to SQL injection because it directly includes user-provided data (username and password) in the SQL query. An attacker could provide a specially crafted username or password that alters the SQL command. For example, if an attacker provides "admin'; --" as the username, the SQL command becomes SELECT Count(*) FROM Users WHERE username='admin'; -- AND password=${password}, which could allow unauthorized access if 'admin' is a valid username.

or SQL injection can be implemented to change the code from mentioned above to SELECT Count(*) FROM Users WHERE username='' OR '1'='1'; which will always evaluate to true so the authentication for the username and password will always return the data .

Q5-
End-to-End Encryption (E2EE): E2EE is a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. A well-known app that uses E2EE is WhatsApp. WhatsApp uses the Signal Protocol to implement end-to-end encryption. When you send a message, it is secured with a lock, and only the recipient has the special key to unlock and read the message.

Jana, Banan, Hala, Hadeel
Q1
A CSRF (Cross-Site Request Forgery) attack involves unauthorized actions taking place on a website using the credentials of a trusted user, often without their knowledge. To prevent such attacks, developers implement security measures like anti-CSRF tokens and follow best practices. In a CSRF attack, the attacker deceives the user into triggering unauthorized commands on a trusted website through a manipulated HTTP request. Developers use anti-CSRF tokens in HTTP requests to validate their authenticity and reduce the risk of unauthorized commands being executed. The term "one-click attack" is used to underscore that in many cases, a single click by the user is sufficient to initiate the attack, using the user's active session on the targeted website to execute unauthorized actions.

Q2
XSS attack is short for cross-site scripting. XSS attacks are type of injection in which attackers inject malicious scripts in the code of trusted websites
Categories:
Reflected XSS (non-persistent / Type I)
Stored XSS (Persistent / Type II)
DOM-based XSS (Type 0)
Connection between XSS and sessions/cookies:
XSS attacks can access the cookies including session cookies of the users so the attacker can impersonate legitimate users and gain unauthorized access.

Q3
SQL injection is a type of cyber attack where an attacker inserts or manipulates malicious SQL (Structured Query Language) code into input fields of a web application. The intention is to exploit vulnerabilities in the application's code that doesn't properly validate or sanitize user input.

The attacker's goals with SQL injection can include:

Unauthorized Access: By injecting malicious SQL code, attackers may gain unauthorized access to a database, retrieve, modify, or delete data.
Data Manipulation: Altering or deleting data within the database, potentially causing data loss or corruption.
Authentication Bypass: Using SQL injection to bypass login mechanisms, gaining access to restricted areas of an application.
Information Disclosure: Retrieving sensitive information from the database that wasn't meant to be accessible, such as usernames, passwords, or other confidential data.

Q4
The provided SQL command is susceptible to SQL injection, a prevalent security vulnerability in web applications. The vulnerability stems from the direct interpolation of user inputs (username and password) into the SQL query string in the given code:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

• The risk lies in the direct interpolation of user inputs, allowing an attacker to potentially manipulate the SQL query by controlling the values of username and password in a malicious manner. This manipulation could lead to unauthorized actions or the extraction of sensitive information. An example of a malicious input could be:
username: '1'='1';
This input will always evaluate to true, showcasing the potential danger associated with SQL injection vulnerabilities.

Q5
End-to-end encryption refers to a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. In this process, the data is encrypted at the sender's end and only the recipient is able to decrypt it. This means that even the service provider or network operator in the middle of the communication cannot access the unencrypted data. It ensures that the data is secure and private throughout the entire communication process.
One well-known app that utilizes end-to-end encryption (E2EE) is WhatsApp. WhatsApp utilizes E2EE to secure all communications, including text messages, voice calls, video calls, and file transfers, between users. When a message is sent, it is encrypted on the sender's device and can only be decrypted by the recipient's device. This ensures that the content of the messages remains private and secure, even if the messages are intercepted during transmission. The use of E2EE in WhatsApp provides users with a high level of privacy and security in their communications.