- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection? And what is the attacker's intention behind it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker can misuse it:

```js
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
```

- What does end-to-end encryption mean? Share an example of a well-known app using E2EE. How is that app using it?
Room 3:-
Members:- Zainab Mirza - Rafeef Thamer - Shkar Gharib - Omer Sardar - Ahmed Jalal
1/ A CSRF (Cross-Site Request Forgery) attack is a type of exploit where an attacker tricks a logged-in user into unknowingly executing malicious actions on a trusted website. This attack is executed through forged HTTP requests that appear legitimate to the website, exploiting the user's authenticated session. It's called a "one-click attack" because it can be triggered with a single click by the victim, requiring no additional authentication.
2/ An XSS (Cross-Site Scripting) attack injects malicious scripts into a website, which can then execute in users' browsers. It can steal cookies or session tokens, leading to unauthorized access. The two main categories are:
- Stored XSS: The injected script is permanently stored on the server, affecting all users who access the vulnerable page.
- Reflected XSS: The injected script is reflected off the web server, usually via a link or input field, targeting a specific user at the time of the attack.
3/ SQL injection is a type of cyber attack where malicious SQL (Structured Query Language) code is inserted into input fields of a web application, exploiting vulnerabilities in the application's database layer. The attacker's intention is typically to gain unauthorized access to the database, retrieve sensitive information, modify or delete data, or execute arbitrary commands on the database server.
4/ The SQL command is vulnerable to SQL injection due to the lack of input validation and sanitization. Attackers can exploit this vulnerability to bypass authentication, extract sensitive information, manipulate data, or compromise the entire database server.
Attackers can misuse this vulnerability in several ways:
- SQL Injection
- Authentication Bypass
- Information Disclosure
- Data Manipulation
- Database Server Compromise
5/ End-to-end encryption (E2EE) ensures that only the sender and recipient can access the content of their communication by encrypting messages on the sender's device and decrypting them on the recipient's device. WhatsApp uses E2EE by generating cryptographic keys for each user's device, exchanging public keys to encrypt messages, and ensuring that encryption keys are not stored on its servers, thus maintaining the confidentiality of conversations.
Telegram is a big example of this method.
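
For question 4, the following added example (not part of the original exercise or of Room 3's answer) puts the interpolated query from the question next to a parameterized form and checks whether request input changed the statement's structure. The function names, the `?` placeholder style and the sample inputs are assumptions made for illustration.

```javascript
// Added example; all names below are hypothetical, not from the original page.
const TEMPLATE = 'SELECT Count(*) FROM Users WHERE username = ? AND password = ?';

// The query from the exercise: request values become part of the SQL text.
// Note the values are not even quoted, so any input is parsed as SQL.
function buildUnsafe({ username, password }) {
  return `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
}

// Parameterized form: the SQL text is fixed, values travel separately
// and are bound by the database driver as data.
function buildParameterized({ username, password }) {
  return { text: TEMPLATE, values: [String(username), String(password)] };
}

// Lists the SQL keywords found outside single-quoted literals, i.e. the
// part of the statement the database will interpret as code.
function keywordsOutsideLiterals(sql) {
  const withoutLiterals = sql.replace(/'(?:[^']|'')*'/g, "''");
  const found = withoutLiterals.match(/\b(SELECT|FROM|WHERE|AND|OR|UNION)\b/gi) || [];
  return found.map((k) => k.toUpperCase()).join(' ');
}

// True when the final SQL text has a different keyword structure than the
// developer's template, which means input was interpreted as SQL.
function structureChanged(sqlText) {
  return keywordsOutsideLiterals(sqlText) !== keywordsOutsideLiterals(TEMPLATE);
}

// Constructed sample request bodies.
const ordinary = { username: 'alice', password: 'hunter2' };
const tampered = { username: 'alice', password: 'x OR 1=1' };

function demo() {
  return {
    unsafeOrdinary: structureChanged(buildUnsafe(ordinary)),
    unsafeTampered: structureChanged(buildUnsafe(tampered)),
    safeTampered: structureChanged(buildParameterized(tampered).text),
    boundValue: buildParameterized(tampered).values[1],
  };
}

console.log(demo());
```

With the parameterized form the tampered password stays in the values array as a plain string, so the `WHERE` clause the developer wrote is the one the database evaluates.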