- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection? And what is the attacker's intention behind it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker could misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does End-to-End encryption mean? Share an example of a well-known app using E2EE, and explain how that app uses it.
mohmmad smadi, Gorgees Odisho, Mohamad Sheikh Alshabab, Hayder Abu-Al-Hummos
Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. With a little help from social engineering, an attacker may trick the users of a web application into executing actions of the attacker's choosing. The attack takes advantage of the fact that the browser includes the user's authentication credentials with every request to the targeted site; for example, when a user tries to log in, while the request is on its way to the server the attacker (the hacker) can carry out the request. Man in the middle is how CSRF can exploit this: when a user logs into a website, the server typically issues a session cookie to the user. This cookie is stored by the user's browser and is sent automatically with every subsequent request to the same domain. The reason it is called a one-click attack is that the victim typically needs to perform just one action, such as clicking on a link or visiting a malicious website, to unintentionally initiate the attack.
Q2:
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker's chosen code on the user's system. As a result, the attacker can steal the user's active session cookie. One of the primary goals of XSS attacks is to steal user authentication tokens or session cookies, and XSS attacks can also be used to fixate a user's session, where an attacker sets or manipulates the user's session ID.
Stored XSS (Persistent):
Reflected XSS (Non-Persistent):
Q3:
A code-based vulnerability that allows an attacker to read and access sensitive data from the database.
Q4:
This is the vulnerable part: `username=${username} AND password=${password}`.
A way attackers can misuse it is classic SQL injection, in which an attacker inputs a specially crafted value for the username or password parameter to manipulate the SQL query.
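Added example (not part of the original answers or of any project's code): the Q4 query built by string interpolation next to a parameterized version. It assumes a node-postgres-style driver that accepts a `{ text, values }` object with `$1`/`$2` placeholders, and it runs in plain Node.js without a database.

```javascript
// Vulnerable construction, exactly as in the question: user input is pasted
// into the SQL text, so a quote, an operator or a keyword in the input becomes
// part of the query grammar instead of being treated as data.
function buildQueryUnsafe(username, password) {
  return `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
}

// Hardened construction: the SQL text is a fixed template with placeholders,
// and the values travel separately. This { text, values } shape is what a
// node-postgres-style query() accepts (assumption: a $1/$2-placeholder driver);
// the driver sends the values out of band, so they can never reshape the SQL.
function buildQueryParameterized(username, password) {
  return {
    text: 'SELECT Count(*) FROM Users WHERE username = $1 AND password = $2',
    values: [username, password],
  };
}

// Crude structural fingerprint: the intended statement has exactly two '='
// comparisons, one per WHERE term. If user input changes this count, the
// input has leaked out of the data plane and into the query's structure.
function countComparisons(sql) {
  return (sql.match(/=/g) || []).length;
}

// Constructed inputs: an ordinary surname with an apostrophe, and a password
// that happens to contain '='. Neither is an attack, yet both already break
// the interpolated query, which is the core defect of the original code.
function demo() {
  const unsafe = buildQueryUnsafe("O'Brien", 'p=q');
  const safe = buildQueryParameterized("O'Brien", 'p=q');
  return {
    unsafeComparisons: countComparisons(unsafe),   // 3: structure changed by input
    safeComparisons: countComparisons(safe.text),  // 2: structure is fixed
    unsafeHasUnbalancedQuote: (unsafe.match(/'/g) || []).length % 2 === 1,
    safeValuesUntouched: safe.values[0] === "O'Brien" && safe.values[1] === 'p=q',
  };
}

console.log(demo());
```

The parameterized `text` is identical for every input, which is the property a code reviewer should look for: the SQL a request produces must not depend on what the user typed.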
Q5:
End-to-end encryption is basically where whatever is output from the server goes out encrypted and stays encrypted all the way until it reaches the end user; only then is it decrypted. WhatsApp: before a message ever leaves your device, it is secured with a cryptographic lock, and only the recipient has the key; the keys change with every single message that is sent.