Skip to content

Instantly share code, notes, and snippets.

@halitbatur
Created January 18, 2024 11:16
Show Gist options
  • Save halitbatur/7ba9858271d91b6e0441c4e487fe3789 to your computer and use it in GitHub Desktop.
Save halitbatur/7ba9858271d91b6e0441c4e487fe3789 to your computer and use it in GitHub Desktop.
Type of attacks disuccsion
  1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
  2. What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
  3. What is SQL injection? and what is the attacker’s intention from it?
  4. Consider the below SQL command, where is the vulnerability? think about some ways an attacker can misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
  1. What does End-to-End encryption means? Share an example of an well-known app using E2EE, how is that app using it?
@osama7da
Copy link

Room : Osama , Hammam , Farah Arar , Farah alsoqi

Q1 : Cross-Site Request Forgery (CSRF) attack is that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

  • HTTP requests The browser automatically sends the HTTP request to the target website, using the victim's authenticated session cookie , CSRF tokens can protect all request types except for GET, HEAD and OPTIONS requests.
    -The term "one-click attack" is used to describe CSRF attacks because, from the victim's perspective, the attack can be executed with a single click.

Q2 :
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website
-the malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. Session Hijacking: XSS can lead to taking over an active user session, enabling attackers to do things on behalf of the victim.
-XSS attacks can be generally categorized into two main types: non-persistent (reflected) and persistent (stored).


Q3:
SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass security measures of applications and use SQL queries to modify, add, update, or delete records in a database , to manipulate a database and gain access to potentially valuable information.


Q4 :

The provided SQL command is vulnerable to SQL injection. An attacker could manipulate the input values to execute unauthorized SQL queries, potentially leading to unauthorized access or data manipulation. To prevent this, use parameterized queries or prepared statements to properly handle user input in SQL commands , The vulnerability lies in the direct inclusion of user-provided values (username and password) into the SQL query string without proper sanitization or parameterization. An attacker can exploit this vulnerability by manipulating the input values in such a way that the resulting SQL query behaves unexpectedly.

-The vulnerability in the given SQL command is due to the direct inclusion of user inputs (username and password) without proper validation. This makes it susceptible to SQL injection.


Q5 :
End-to-end encryption is a security method that keeps your communications secure , lets give an example : Alice wants to send Bob an encrypted message. She uses Bob's public key to encrypt her message to him. Then, when Bob receives the message, he uses his private key on his device to decrypt the message from Alice.

@H-jabai92
Copy link

from room 12 ( hasan)

Q1) is a vulnerability found in web applications that lets a third party attacker perform sensitive actions on a user’s behalf. The exploitation of this bug can target normal users as well as site administrators, sometimes leading to a full compromise of a website
__

__

Q2) is a cyberattack in which a hacker enters malicious code into a web form or web application url. This malicious code, written in a scripting language like JavaScript or PHP, can do anything from vandalizing the website you’re trying to load to stealing your passwords or other login credentials.
__
__ Types of XSS: Stored XSS, Reflected XSS

Q3) SQL injection is a code injection technique that might destroy your database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web page input.

___ is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database.

Q5)Data encryption is the process of using an algorithm that transforms standard text characters into an unreadable format. To explain, this process uses encryption keys to scramble data so that only authorized users can read it. End-to-end encryption uses this same process, too. However, it takes it a step farther by securing communications from one endpoint to another.

___ Whatsapp

@ramah-madi
Copy link

ramah-madi commented Jan 18, 2024

Room 3: Noor Alari, Ramah Madi, Rama Alzeer, Momena Salloum.

Q1. CSRF( Cross-Site Request Forgery ), is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. also known as one-click attack or session riding, is application in which they're currently authenticated a type of cyber attack that forces an end user to execute unwanted actions on a web.

it is to force the user to submit a state-changing request. Examples include:
• Submitting or deleting a record.
• Submitting a transaction.
• Purchasing a product.
• Changing a password.
• Sending a message.

using http request by:
• Authentication and Session Cookies:
o When a user logs into a web application, the server sends back a session cookie to the user's browser.
o This session cookie is then automatically included in subsequent requests to the same domain, authenticating the user.
• Malicious Link or Content:
o An attacker creates a malicious link, often embedded in a website, email, or another communication.
o The link leads to a request that performs an action on a target web application where the victim is already authenticated.
• Automatic Inclusion of Cookies:
o When the victim clicks on the malicious link, their browser automatically includes the session cookie associated with the target web application.
• Unauthorized Action:
o The malicious request is sent from the victim's browser, and the web application, trusting the request because it contains a valid session cookie, processes the request as if it came from the legitimate user.

"one-click attack" because the attack can be initiated with a single click on a seemingly harmless link. The victim might not be aware that they are triggering an action on a different site, and the attack can occur without any explicit user action beyond visiting a malicious page.
note: using SSL does not prevent a CSRF attack, because the malicious site can send an "https://" request.

Q2. XSS Attack (Cross-Site Scripting):
In simple terms, XSS is like a sneaky trick that bad guys use to mess with websites you visit. They inject harmful code, like secret commands, into the websites. When you open the compromised website, this code runs in your browser, and the bad guys can steal your info or do things on the website pretending to be you.

Connection Between XSS and Cookies/Sessions:
Imagine your online session is like a special key that lets you access a website without logging in every time. If bad guys use XSS, they can steal that key (cookie) or use it to pretend to be you, doing things you didn't ask for on a website.

Two Main Categories of XSS:

  1. Stored XSS (Persistent XSS):
    Example: Bad guys write a secret code in a comment on a website. When others read that comment, the code runs in their browsers, causing trouble.

  2. Reflected XSS:
    Example: Bad guys send you a special link. When you click it, the harmful code in the link runs in your browser, doing things it shouldn't.

Q3. SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. SQL injection attacks harness the power of code for malicious purposes, this can allow an attacker to view data that they are not normally able to retrieve, usually by infiltrating the backend of an application or webpage to view, alter, or delete information. This might include sensitive company data, valuable assets, or customer details.

Q4. The vulnerable part of the code:
let strQry = SELECT Count(*) FROM Users WHERE username=${username} AND password=${password};

An attacker can exploit this vulnerability by manipulating the input values, for example by providing a malicious input for the username or password fields. For instance, if an attacker sets the username input to something like ' OR '1'='1' -- and sets the password input to an empty string, the resulting query would look like:
SELECT Count(*) FROM Users WHERE username='' OR '1'='1' -- AND password='';
In this case, the double hyphen (--) is used to comment out the rest of the query, making it possible for an attacker to bypass the password check and potentially gain unauthorized access.

Q5. End-to-end encryption (E2EE) is a secure communication method that prevents third parties from accessing data while it is being transferred from one end system or device to another. In E2EE, only the communicating users can read the messages, and no one in between, not even the provider of the communication service, can access the plaintext communication.

An example of a well-known app using E2EE is WhatsApp. WhatsApp uses the Signal Protocol, which is an open-source encryption protocol developed by Open Whisper Systems. When a user sends a message on WhatsApp, it is encrypted on the sender's device and can only be decrypted on the recipient's device. This ensures that the message content remains private and secure, even if the message is intercepted during transmission.

@Lubnabd
Copy link

Lubnabd commented Jan 18, 2024

ROOM 8 : Lubna Abdelkhaleq // Nour Kayyali // Mahmoud Rumaneh // Ala'a Nusairat

Q1: Cross-site request forgery, alternatively referred to as session riding or one-click attack, represents a web security flaw enabling a malicious actor to manipulate users into executing unintended actions. This vulnerability provides an avenue for the attacker to bypass elements of the same origin policy, a protective measure aimed at preventing various websites from disrupting each other's functionality.

How It Uses HTTP Requests:
Attacker Crafts a Malicious Request:
The attacker creates a malicious link or form that, when triggered, sends a request to a vulnerable web application.
This request is designed to perform an unauthorized action on the victim's behalf.
Victim's Browser Sends Request Unknowingly:
The attacker tricks the victim into visiting the malicious link or submitting the form.
The victim's browser automatically includes any authentication cookies associated with the vulnerable web application in the request.
Application Executes Action:
The web application, unable to distinguish between a legitimate request from the user and the forged request, executes the action as if it came from the authenticated user. // it is a type of cyber attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. // In a CSRF, or "one-click attack," the attacker manipulates a user into unknowingly executing actions on a website where they are authenticated. With just a single click on a malicious link or content, the attacker can leverage the user's existing authentication to perform actions on the targeted site, exploiting the trust between the user and the website.

Q2: Cross-Site Scripting (XSS) attacks involve injecting harmful scripts into trusted websites. Attackers exploit vulnerabilities in web applications that fail to validate or encode user input. By tricking users into executing these scripts, attackers can access sensitive information stored by the user's browser, such as cookies or session tokens. // XSS attacks can steal cookie data by reading or modifying the malicious script injected into the website. // non-persistent (reflected) and persistent (stored).

Non-persistent (Reflected) XSS:
Reflected XSS involves the immediate execution of a malicious script, often delivered through manipulated URLs or form inputs. The web application instantly reflects the injected script back to the user's browser, posing a transient threat.

Persistent (Stored) XSS:
Stored XSS presents a persistent risk as the injected malicious script is permanently saved on the target server. Every time users access a specific page or resource containing the stored script, it is retrieved and executed from the server, impacting multiple users over an extended period.

Q3: SQL injection is a type of hack where bad actors sneak malicious code into a website's database by manipulating user inputs. This allows them to do unauthorized things, like accessing or messing with data. To prevent it, developers need to use secure coding practices. // the essence of a SQL injection attack: injecting malicious SQL code to manipulate the logic of a query. In real-world scenarios, attackers can exploit such vulnerabilities for unauthorized access, data manipulation, or other malicious activities.

Q4: In the given SQL command, the vulnerability lies in directly injecting user inputs into the query without proper validation. An attacker can exploit this by providing malicious input to manipulate the query.

For example, an attacker might input the following:

Username: ' OR '1'='1'; --
Password: ' OR '1'='1'; --
This would result in a manipulated query:

SELECT Count(*) FROM Users WHERE username='' OR '1'='1'; -- AND password='' OR '1'='1'; --
With this, the attacker can bypass the login check because the conditions '1'='1' always evaluate to true, granting unauthorized access.

Q5: End-to-end encryption is a security method that keeps your communications secure. With end-to-end encryption, no one, including Google and third parties, can read eligible messages as they travel between your phone and the phone you message. // WhatsApp is a popular messaging app that uses end-to-end encryption to protect user messages, voice calls, and video calls. E2EE on WhatsApp relies on the Signal Protocol, an open-source encryption method developed by Open Whisper Systems.

How Does E2EE Work?

1.Key Generation: Each user's device generates a unique pair of 2.keys: a public key and a private key.
Key Exchange: The public keys are shared with others to initiate secure communication.
3.Message Encryption: The sender's device encrypts messages using the recipient's public key.
4.Decryption: Only the recipient's device, which holds the corresponding private key, can decrypt the messages.

@mohmmadms
Copy link

mohmmad smadi , Gorgees Odisho , Mohamad Sheikh Alshabab , Hayder Abu -Al-Hummos

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering, an attacker may trick the users of a web application into executing actions of the attacker’s choosing, The attack takes advantage of the browser includes the user's authentication credentials with every request to the targeted site like when user try to log in, while his request get to the server the attacher or the hacker can implement the request. Man in the middle Is how CSRF can exploit when a user logs into a website, the server typically issues a session cookie to the user. This cookie is stored by the user's browser and is sent automatically with every subsequent request to the same domain. the reason why it's called a one click attack is: the victim typically needs to perform just one action, such as clicking on a link or visiting a malicious website, to unintentionally initiate an attack.

Q2:
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker’s chosen code on the user’s system. As a result, the attacker can steal the user’s active session cookie. One of the primary goals of XSS attacks is to steal user authentication tokens or session cookies and attacks can be used to fixate a user's session, where an attacker sets or manipulates the user's session ID

  1. Stored XSS (Persistent):

    • Scripts are permanently stored on the server.
    • Executed when users visit a specific page.
    • Impact can last across multiple sessions.
  2. Reflected XSS (Non-Persistent):

    • Scripts are embedded in URLs or form inputs.
    • Executed when users interact with a crafted link or form.
    • Typically a one-time event; the script is not stored on the server.

Q3:
a code-based vulnerability that allows an attacker to read and access sensitive data from the database

Q4 :
this the the vulnerable part: (username=${username} AND password=${password}`;),
a way the attackers can misuse it is by: classic SQL injection in which an attacker could input a specially crafted value for the username or password parameter to manipulate the SQL query

Q5:
End2End is basically where whatever is outputted from the server goes out encrypted, and all the way until it reaches the end user, only then is it decrypted. WhatsApp, Before a message ever leaves your device, it's secured with a cryptographic lock, and only the recipient has the keys the keys change with every single message that's sent

@Dana8392
Copy link

Room 11 : Dana Maraqa, Musab Sakhreyah, Aya Abu Al Hummos, Sanad Al Shobaki,

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.CSRF attacks exploit the trust a Web application has in an authenticated user. by using HTTP requests to deceive the victim's browser into sending forged request to a target site where the victim is authenticated.

it is called one-click attack because it usually takes one click on a malicious link or a visit to a malicious website for the attack to initiate.

Q2:
An XSS (Cross-Site Scripting) attack occurs when an attacker injects malicious scripts into content from a trusted website, which then gets executed in the victim's browser.The connection between XSS and cookies/sessions is that attackers often use XSS to steal session cookies or tokens. By injecting scripts that send the user's cookies to the attacker, they can hijack the user's session and impersonate them.

XSS Categories : Stored (persistent): The malicious script is permanently stored on the target server
Reflected(Non-persistent):The malicious script is included in a request sent to the server,and the server includes it in the response.

Q3:

  • SQL injection is a type of cyber attack that occurs when an attacker inserts or manipulates malicious SQL code into input fields of a web application
  • The goal of SQL injection is to trick the application into executing unintended SQL queries, which can lead to unauthorized access, data manipulation, and potentially full control of the database

Q4-
The SQL command is vulnerable to SQL injection because it directly includes user-provided data (username and password) in the SQL query. An attacker could provide a specially crafted username or password that alters the SQL command. For example, if an attacker provides "admin'; --" as the username, the SQL command becomes SELECT Count(*) FROM Users WHERE username='admin'; -- AND password=${password}, which could allow unauthorized access if 'admin' is a valid username.

or SQL injection can be implemented to change the code from mentioned above to SELECT Count(*) FROM Users WHERE username='' OR '1'='1'; which will always evaluate to true so the authentication for the username and password will always return the data .

Q5-
End-to-End Encryption (E2EE): E2EE is a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. A well-known app that uses E2EE is WhatsApp. WhatsApp uses the Signal Protocol to implement end-to-end encryption. When you send a message, it is secured with a lock, and only the recipient has the special key to unlock and read the message.

@JanaAbuHaltam
Copy link

Jana, Banan, Hala, Hadeel
Q1
A CSRF (Cross-Site Request Forgery) attack involves unauthorized actions taking place on a website using the credentials of a trusted user, often without their knowledge. To prevent such attacks, developers implement security measures like anti-CSRF tokens and follow best practices. In a CSRF attack, the attacker deceives the user into triggering unauthorized commands on a trusted website through a manipulated HTTP request. Developers use anti-CSRF tokens in HTTP requests to validate their authenticity and reduce the risk of unauthorized commands being executed. The term "one-click attack" is used to underscore that in many cases, a single click by the user is sufficient to initiate the attack, using the user's active session on the targeted website to execute unauthorized actions.

Q2
XSS attack is short for cross-site scripting. XSS attacks are type of injection in which attackers inject malicious scripts in the code of trusted websites
Categories:
Reflected XSS (non-persistent / Type I)
Stored XSS (Persistent / Type II)
DOM-based XSS (Type 0)
Connection between XSS and sessions/cookies:
XSS attacks can access the cookies including session cookies of the users so the attacker can impersonate legitimate users and gain unauthorized access.

Q3
SQL injection is a type of cyber attack where an attacker inserts or manipulates malicious SQL (Structured Query Language) code into input fields of a web application. The intention is to exploit vulnerabilities in the application's code that doesn't properly validate or sanitize user input.

The attacker's goals with SQL injection can include:

Unauthorized Access: By injecting malicious SQL code, attackers may gain unauthorized access to a database, retrieve, modify, or delete data.
Data Manipulation: Altering or deleting data within the database, potentially causing data loss or corruption.
Authentication Bypass: Using SQL injection to bypass login mechanisms, gaining access to restricted areas of an application.
Information Disclosure: Retrieving sensitive information from the database that wasn't meant to be accessible, such as usernames, passwords, or other confidential data.

Q4
The provided SQL command is susceptible to SQL injection, a prevalent security vulnerability in web applications. The vulnerability stems from the direct interpolation of user inputs (username and password) into the SQL query string in the given code:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

• The risk lies in the direct interpolation of user inputs, allowing an attacker to potentially manipulate the SQL query by controlling the values of username and password in a malicious manner. This manipulation could lead to unauthorized actions or the extraction of sensitive information. An example of a malicious input could be:
username: '1'='1';
This input will always evaluate to true, showcasing the potential danger associated with SQL injection vulnerabilities.

Q5
End-to-end encryption refers to a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. In this process, the data is encrypted at the sender's end and only the recipient is able to decrypt it. This means that even the service provider or network operator in the middle of the communication cannot access the unencrypted data. It ensures that the data is secure and private throughout the entire communication process.
One well-known app that utilizes end-to-end encryption (E2EE) is WhatsApp. WhatsApp utilizes E2EE to secure all communications, including text messages, voice calls, video calls, and file transfers, between users. When a message is sent, it is encrypted on the sender's device and can only be decrypted by the recipient's device. This ensures that the content of the messages remains private and secure, even if the messages are intercepted during transmission. The use of E2EE in WhatsApp provides users with a high level of privacy and security in their communications.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment