Impact Of Bugs - Injections
- SQL Injection
- NoSQL Injection
- OS Command Injection
- LDAP Injection
- Host Header Injection
- XPath Injection
- XSS (Cross-Site Scripting)
Let's discuss the impact of each bug. First, SQL Injection. We are all very familiar with this bug, but do you know how much impact it can have on a web application?
Whenever a database is compromised through the application's queries, we call it SQL injection. Many of us would describe the impact as 'an attacker can access sensitive information in the database' or something like that. In some cases, we can bypass the authentication page. But actually, SQL injection can go all the way up to remote code execution on the server. Sounds strange, but it's true. It all depends on the privileges of the database user. For example, say the application connects as the database user 'admin@localhost', and this user has the privilege to read files. Once we find the SQL injection bug, we can read files on the remote server using that user's privileges. If the user also has write privileges, we can change files on the server, and this is where remote code execution takes place. We can do it manually, or we can use sqlmap to make things easier. This kind of impact applies to generic and error-based SQL injection; it won't be applicable to boolean-based blind and time-based SQL injection.
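To make the privilege point concrete, here is an added example (not code from the original post): a login query built by string formatting beside its parameterized form, run against a constructed in-memory SQLite table, followed by a small audit of constructed MySQL `SHOW GRANTS` output that flags the privileges (FILE, SUPER) which let an injection reach the host file system. The table contents, the grant lines and the function names are assumptions made for the demo.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The bug: input is pasted into the SQL text, so a quote in the input
    # changes the structure of the query instead of being compared as data.
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The fix: placeholders keep the query text fixed; the driver passes the
    # values separately, so quotes and comment markers stay inside the data.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Privileges that let a database user touch the host file system or the
# server itself; these are what turn data theft into file read/write.
RISKY_PRIVILEGES = {"FILE", "SUPER", "ALL PRIVILEGES"}


def risky_grants(show_grants_lines):
    """Return the risky privilege names found in MySQL SHOW GRANTS output.

    Each line has the shape "GRANT FILE, SUPER ON *.* TO 'admin'@'localhost'".
    """
    found = []
    for line in show_grants_lines:
        match = re.match(r"GRANT (.+?) ON ", line)
        if not match:
            continue
        privileges = {p.strip().upper() for p in match.group(1).split(",")}
        found.extend(sorted(privileges & RISKY_PRIVILEGES))
    return found


if __name__ == "__main__":
    db = make_db()
    # Constructed input: a closing quote followed by a SQL comment marker.
    tampered = "alice' --"
    print("string-built query:", login_vulnerable(db, tampered, "wrong"))  # True
    print("parameterized query:", login_safe(db, tampered, "wrong"))  # False
    grants = [  # constructed SHOW GRANTS output for the example user
        "GRANT USAGE ON *.* TO 'admin'@'localhost'",
        "GRANT FILE, SUPER ON *.* TO 'admin'@'localhost'",
        "GRANT SELECT, INSERT ON shop.* TO 'admin'@'localhost'",
    ]
    print("risky privileges:", risky_grants(grants))  # ['FILE', 'SUPER']
```

The string-built query accepts the tampered username because the comment marker discards the password check; the parameterized one compares the whole string as a username and finds nothing. The grant audit is the check to run on the account the application actually uses: if it comes back empty, an injection is confined to the data the account can already see.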
In boolean-based and time-based injection, the attacker compares attacker-supplied values against the data present in the database and infers the answer from the response. There is also something called Second-Order SQL Injection. This is a very rare bug. I'm assuming that most people are unaware of it. Pardon me if I'm wrong. Using second-order SQL injection, we can corrupt the whole database. This means that we can log in as any user in the database without having their password. That can be done by applying some SQL payloads.
Secondly, we have NoSQL injection. Nowadays the usage of NoSQL is increasing, and in future we might be using NoSQL databases only. NoSQL databases are different from SQL databases: they use data structures to store the data, whereas SQL uses tables, and they use JSON format to communicate with the database server. When an attacker can control the objects that are sent through the JSON data to the database server, we call it NoSQL Injection. So, let's talk about the impact. Using NoSQL injection, we can enumerate usernames and passwords, we can change passwords using access tokens, and the most important thing is that we can execute code remotely.
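The sentence about the attacker controlling the objects in the JSON is the whole bug, so here is an added example (not from the original post) of the server-side check that prevents it: a login handler that insists each credential is a plain string, and a generic document check that rejects any key beginning with `$`, the prefix MongoDB uses for query operators. The request bodies are constructed for the demo, and `build_login_filter` and `sanitize_document` are assumed names, not any library's API.

```python
import json


def has_operator_keys(value) -> bool:
    """True if a decoded JSON value contains, at any depth, a dict key
    beginning with '$' (the prefix MongoDB uses for query operators)."""
    if isinstance(value, dict):
        return any(key.startswith("$") or has_operator_keys(item)
                   for key, item in value.items())
    if isinstance(value, list):
        return any(has_operator_keys(item) for item in value)
    return False


def build_login_filter(body: str) -> dict:
    """Turn a JSON login body into a filter document for the users collection.

    The defence is type enforcement: a credential must be a plain string.
    If the client sends an object instead, that object would be copied into
    the filter and its keys would act as operators inside the query.
    """
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("login body must be a JSON object")
    username = data.get("username")
    password = data.get("password")
    for name, field in (("username", username), ("password", password)):
        if not isinstance(field, str):
            raise ValueError(f"{name} must be a string, got {type(field).__name__}")
    return {"username": username, "password": password}


def sanitize_document(body: str) -> dict:
    """For endpoints that accept whole documents (profile updates and the
    like): reject any operator key rather than try to strip it, so nothing
    the client did not legitimately send reaches the database."""
    data = json.loads(body)
    if has_operator_keys(data):
        raise ValueError("operator keys are not allowed in client documents")
    return data


if __name__ == "__main__":
    good = '{"username": "alice", "password": "s3cret"}'
    print("filter:", build_login_filter(good))
    # Constructed request where the password field is an object, not a string.
    bad = '{"username": "alice", "password": {"$ne": null}}'
    try:
        build_login_filter(bad)
    except ValueError as err:
        print("rejected:", err)
    print("profile ok:", sanitize_document('{"displayName": "Alice", "tags": ["a"]}'))
```

The type check is the important line: a driver will happily serialise a dict supplied by the client, so the server has to decide what each field is allowed to be before the query is built.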
Thirdly, we have OS Command Injection. This bug allows an attacker to run OS commands on the system remotely. Using this bug, we show Remote Code Execution impact, and that says it all, as it is the highest impact. Let's move on to the next bug.
LDAP Injection. LDAP is an authentication service protocol between the server and client and is also used to maintain directory information over the Internet Protocol. Using LDAP injection, an attacker can bypass the authentication mechanisms using wildcard characters. Using LDAP injection, we can also find the available resources on the servers; this can be done on e-commerce sites. We can also bypass access control mechanisms, which can lead to access to sensitive data. The highest impact is privilege escalation: an attacker can escalate privileges to a superuser using LDAP injection.
Next, we have Host Header Injection. When a server fails to validate the Host header, the attacker can inject a malicious header into the request; this is Host Header Injection. Using this injection bug, we can do an open redirect to any malicious website. Mainly, this has a very high impact on cache servers. When the attacker injects a malicious header into a request and the server caches the response and sends it to the other users who send the same request within a particular time, this is called Web Cache Poisoning. Using web cache poisoning, we can do XSS, execute code in the client's browser, and redirect the client. This is possible only while the cached response is alive; once it is deleted from the cache, we can't do it.
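The three bugs above share one root cause, user input reaching an interpreter (the shell, the LDAP filter parser, the URL and cache-key logic) with its special characters intact, so here is one added example (not from the original post) with the server-side handling for each: an argument vector for a ping that never touches a shell, RFC 4515 escaping for LDAP filter values so a wildcard is matched literally, and a Host header check against the names the deployment actually serves. The hostnames, the allowlist and the function names are assumptions made for the demo.

```python
import re
import subprocess

# --- OS command injection -------------------------------------------------
# The bug is a shell command built from a string. The fix is twofold: check
# the value against what a hostname may contain, and pass it as a single
# argv element with shell=False so no shell ever parses it.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def ping_argv(host: str) -> list:
    """Return the argument vector for a single ping of `host`."""
    if not HOSTNAME_RE.match(host):
        raise ValueError("not a valid hostname")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Run the ping without a shell; returns the process exit status."""
    return subprocess.run(ping_argv(host), shell=False, check=False).returncode


# --- LDAP injection --------------------------------------------------------
# RFC 4515 filter encoding: the characters that carry meaning in a search
# filter become a backslash plus their hex code, so a wildcard supplied by
# the user narrows to a literal '*' instead of widening the search.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(username: str) -> str:
    """Filter that matches exactly one uid; safe to hand to an LDAP client."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


# --- Host header injection -------------------------------------------------
# The server must not trust the Host header when it builds absolute URLs,
# redirects or cache keys. Compare it, minus any port, against the names
# this deployment serves; anything else is rejected before the cache sees it.
ALLOWED_HOSTS = frozenset({"shop.example.com", "www.example.com"})  # constructed


def validate_host_header(host_header: str, allowed=ALLOWED_HOSTS):
    """Return the canonical hostname, or None if the header is not ours."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d{1,5})?", host_header):
        return None
    hostname = host_header.split(":", 1)[0].lower()
    return hostname if hostname in allowed else None


if __name__ == "__main__":
    print(ping_argv("shop.example.com"))
    for bad in ("shop.example.com; id", "-badflag.example"):
        try:
            ping_argv(bad)
        except ValueError as err:
            print(f"{bad!r} rejected: {err}")
    print(user_search_filter("alice"))
    print(user_search_filter("*"))  # (&(objectClass=person)(uid=\2a))
    print(validate_host_header("Shop.Example.com:443"))  # shop.example.com
    print(validate_host_header("cdn.attacker.example"))  # None
```

For the Host header, the check is applied before any URL or cache key is derived from the request; a response that is never generated for an unknown host is one that can never be cached for the other users.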
Next, we have XPath Injection. When an XML database is used, XPath (XML Path Language) is used to get data from the XML document. These are flat-file database types. Using XPath injection, we can bypass login pages. XPath injection is very similar to SQL injection, and an attacker can get all the data from the XML document using it.
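Because XPath has no escape character, the fix differs slightly from SQL, so here is an added example (not from the original post) against a constructed flat-file user store: the lookup built from the input, which breaks as soon as the input carries a quote, beside a lookup that keeps the expression fixed and compares values in code. `xpath_literal` shows the `concat()` technique for engines that implement full XPath 1.0 (lxml, for instance); Python's ElementTree does not support functions in predicates, so only its output is shown here. The XML, the names and the functions are assumptions for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed flat-file user store of the kind XPath is queried against.
USERS_XML = """
<users>
  <user name="alice" role="user"/>
  <user name="o'neil" role="admin"/>
</users>
"""
ROOT = ET.fromstring(USERS_XML)


def find_user_unsafe(root, name):
    # The bug: the input becomes part of the XPath expression, so a quote in
    # it terminates the string literal and rewrites the predicate.
    return root.findall(f".//user[@name='{name}']")


def find_user_safe(root, name):
    # The fix: keep the XPath fixed and compare the attribute values in
    # Python, so the input is only ever treated as data.
    return [user for user in root.iter("user") if user.get("name") == name]


def xpath_literal(value: str) -> str:
    """Encode an arbitrary string as an XPath 1.0 string literal.

    XPath has no escape character. A value with no single quote is wrapped
    in single quotes, one with no double quote in double quotes, and one
    containing both is split on the single quotes and rebuilt with concat().
    Needs an engine that supports concat() in predicates (not ElementTree).
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{part}'" for part in parts) + ")"


if __name__ == "__main__":
    print("unsafe, plain name:", [u.get("role") for u in find_user_unsafe(ROOT, "alice")])
    try:
        find_user_unsafe(ROOT, "o'neil")
    except SyntaxError as err:
        print("unsafe, name with a quote:", err)
    print("safe, name with a quote:", [u.get("role") for u in find_user_safe(ROOT, "o'neil")])
    print(xpath_literal("alice"))
    print(xpath_literal("o'neil"))
    print(xpath_literal("a'b\"c"))  # concat('a', "'", 'b"c')
```

A legitimate name with an apostrophe is enough to show the problem: in the string-built version it becomes a parse error, which is the same mechanism an attacker would rely on to change the predicate's meaning, and in the fixed version it is simply a value to compare.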
We all know about our next bug; it is a favourite for many of us: XSS (Cross-Site Scripting). Well, we all know about it and we do search for XSS bugs, but are we able to show the right impact? What can XSS actually do? Let's find some answers here.
We have three types of XSS bugs.
Using these three types, we can actually steal the cookies of the users. Well, stealing cookies and session tokens is a quite popular impact in XSS, but other than that we can deface a website. Defacing in this sense means we can control the HTML elements in the web page. We can retrieve the data from the web page. In DOM-based XSS, we can control the data flow.
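Every impact listed above depends on the page putting untrusted text into a place where the browser reads it as code, so here is an added example (not from the original post) of the output side of the fix: encoding for the three contexts a template usually writes into (HTML body and attribute, inline script string, URL query value), plus the cookie flags that limit what a successful XSS can actually steal. The comment markup and the cookie name are constructed; the function names are assumptions, not any framework's API.

```python
import html
import json
from urllib.parse import quote


def render_comment(author: str, text: str) -> str:
    """HTML body and attribute contexts: html.escape() with quote=True
    neutralises <, >, & and both quote characters, so the input can neither
    close the attribute nor open a new element."""
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True)
    return f'<div class="comment" data-author="{safe_author}">{safe_text}</div>'


def js_string_literal(value: str) -> str:
    """Inline <script> context: JSON-encode the value, then hex-escape the
    characters that could end the script block or start HTML. Use as
    `var name = <literal>;` inside the script."""
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def url_query_value(value: str) -> str:
    """URL query context: percent-encode everything outside the unreserved
    set, so the value cannot add parameters or a scheme of its own."""
    return quote(value, safe="")


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie line with the flags that shrink the cookie-theft impact:
    HttpOnly keeps it out of document.cookie, Secure keeps it off plain
    HTTP, SameSite limits cross-site sends."""
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    # Constructed untrusted input containing markup and a quote.
    print(render_comment('a"b', "<script>x</script>"))
    print("var greeting = " + js_string_literal("</script>") + ";")
    print("/search?q=" + url_query_value("a b&c"))
    print(session_cookie_header("sid", "constructed-session-id"))
```

The choice of function follows the context the value lands in, not the value itself; the same string needs different encoding in an attribute, inside a script and in a URL, and applying the HTML one everywhere is the usual way a "fixed" page stays exploitable. The HttpOnly flag does not stop XSS, but it takes the most popular impact, reading the session cookie from script, off the table.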
I hope everyone is clear on the impact of each bug in the injection category. Let us know your queries.
Stay tuned for the next category...
Keep Learning and Keep Growing...