Thursday, December 9, 2021

IMPACT OF BUGS

Impact Of Bugs - Injections



We all know about the OWASP Top 10 vulnerabilities. Those 10 categories contain several types of bugs with different impacts. When a researcher finds a bug, they have to show its maximum impact on the web application. If they fail to show the impact, the security team won't accept the report even if the bug is valid. That is why showing impact is so important in bug bounty. This series, Impact of Bugs, is aimed mainly at freshers and bug hunters and provides basic information about the impact of each bug.


Let's begin with injections. Injection is a popular category in the OWASP Top 10. Many researchers hunt for bugs in this category, not because it is so popular but because of its high impact. If you don't understand what I'm talking about, let's dig in.

We have different kinds of injections:
  •  SQL Injection
  •  NoSQL Injection
  •  OS Command Injection
  •  LDAP Injection
  •  Host Header Injection
  •  XPath Injection
  •  XSS (Cross-Site Scripting)

Let's discuss the impact of each bug. 



Firstly, SQL injection. We are very familiar with this bug, but do you know how much impact it can have on a web application?

Whenever a database is compromised, we may call it SQL injection. Many of us describe the impact as "an attacker can access sensitive information in the database" or something similar. In some cases, we can bypass the authentication page. But with SQL injection we can actually go as far as remote code execution on the server. It sounds strange, but it's true. It all depends on the privileges of the database user. For example, suppose we have a database user 'admin@localhost' who has the privilege to read files. Once we find the SQL injection bug, we can read files on the remote server using that user's privileges. If the user also has write privileges, we can change files on the server, and this is where remote code execution comes in. We can do it manually, or we can use sqlmap to make things easier. This kind of impact applies only to generic and error-based SQL injection; it does not apply to boolean-based blind and time-based SQL injection.
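Because the impact described above depends on what the database account is allowed to do, a defender can audit the grants of application accounts. The following is an added example, not code from the original post; it assumes MySQL-style `SHOW GRANTS` output, and the sample statements and account names are constructed.

```python
import re

# MySQL privileges that let a SQL injection reach beyond table data.
RISKY = {"FILE", "SUPER", "ALL PRIVILEGES"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)",
    re.IGNORECASE,
)

def audit_grants(lines, allowed_admins=frozenset()):
    """Map each non-admin account to the risky privileges it holds."""
    findings = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a GRANT statement
        account = m.group("account").replace("`", "").replace("'", "")
        if account in allowed_admins:
            continue
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        risky = privs & RISKY
        # ALL PRIVILEGES on one schema does not include the global FILE/SUPER.
        if m.group("scope") != "*.*":
            risky.discard("ALL PRIVILEGES")
        if risky:
            findings.setdefault(account, set()).update(risky)
    return {acct: sorted(p) for acct, p in findings.items()}

# Constructed sample of SHOW GRANTS output, one statement per line.
SAMPLE_GRANTS = [
    "GRANT SELECT, INSERT, UPDATE ON `shop`.* TO `webapp`@`localhost`",
    "GRANT SELECT, FILE ON *.* TO `admin`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION",
    "GRANT ALL PRIVILEGES ON `reports`.* TO `reporting`@`10.0.0.%`",
]

def demo():
    # root is an expected administrator; everything else is an app account.
    return audit_grants(SAMPLE_GRANTS, allowed_admins={"root@localhost"})

if __name__ == "__main__":
    for account, privs in demo().items():
        print(f"{account}: review and revoke {', '.join(privs)}")
```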

In boolean-based and time-based injection, the attacker compares attacker-supplied data with the data present in the database. There is also something called second-order SQL injection. This is a very rare bug, and I'm assuming that most people are unaware of it. Pardon me if I'm wrong. Using second-order SQL injection, we can corrupt the whole database. This means that we can log in as any user in the database without having their password. That can be done by applying some SQL payloads.



Secondly, we have NoSQL injection. Nowadays, usage of NoSQL is increasing, and in future we might be using NoSQL databases only. NoSQL databases are different from SQL databases: they use data structures to store the data, whereas SQL uses tables. They use the JSON format to communicate with the database server. When an attacker can control the objects that are sent to the database server through the JSON data, we call it NoSQL injection. So, let's talk about the impact. Using NoSQL injection, we can enumerate usernames and passwords, we can change passwords using access tokens, and, most importantly, we can execute code remotely.

Thirdly, we have OS command injection. This bug allows an attacker to run OS commands on the system remotely. With this bug we show remote code execution, which says it all, as it can be the highest impact. Let's move on to the next bug.
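The condition described above, attacker-controlled objects arriving in the JSON body, can be refused before the data reaches a query. This is an added example, not code from the original post; the field names, the `$`-prefixed operator convention (as used by MongoDB-style query languages) and the sample bodies are assumptions constructed for illustration.

```python
import json

def operator_paths(value, path="body"):
    """Return the path of every key starting with '$' in a decoded JSON value."""
    found = []
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}"
            if key.startswith("$"):
                found.append(here)
            found.extend(operator_paths(child, here))
    elif isinstance(value, list):
        for i, child in enumerate(value):
            found.extend(operator_paths(child, f"{path}[{i}]"))
    return found

def parse_login(body):
    """Decode a login body; accept credentials only if both are plain strings."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    creds = {}
    for field in ("username", "password"):
        value = data.get(field)
        if not isinstance(value, str):
            # An object here would be passed to the database as a query
            # operator instead of being compared as a value.
            raise ValueError(f"{field} must be a string, got {type(value).__name__}")
        creds[field] = value
    return creds

def is_rejected(body):
    """True when parse_login refuses the body."""
    try:
        parse_login(body)
    except ValueError:
        return True
    return False

# Constructed request bodies.
GOOD_BODY = '{"username": "alice", "password": "correct horse"}'
BAD_BODY = '{"username": "alice", "password": {"$ne": ""}}'

def flagged_paths(body):
    """Where operator keys sit in a body; useful as a log field on rejection."""
    return operator_paths(json.loads(body))
```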



LDAP injection: LDAP is an authentication service protocol between server and client, and is also used to maintain directory information over the Internet Protocol. Using LDAP injection, an attacker can bypass authentication mechanisms with wildcard characters. We can also find the available resources on the servers; this can be done on eCommerce sites. We can also bypass access control mechanisms, which can lead to access to sensitive data. The highest impact is privilege escalation: an attacker can escalate privileges to a superuser using LDAP.
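The wildcard bypass mentioned above disappears once user input is escaped per RFC 4515 before it is placed in a search filter. This is an added example, not code from the original post; the directory entries are constructed, and `assertion_to_regex` is a toy stand-in for how a server interprets an assertion value, not a real LDAP client.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user input so it can only ever be matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def assertion_to_regex(assertion):
    """Toy server model: '*' is a wildcard, a backslash plus two hex digits is a literal."""
    parts, i = [], 0
    while i < len(assertion):
        if assertion[i] == "\\":
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif assertion[i] == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(assertion[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

# Constructed directory of uid values.
DIRECTORY = ["alice", "bob", "svc-backup"]

def lookup(user_input, escape=True):
    """Return the uids a (uid=<input>) filter would match in DIRECTORY."""
    value = escape_filter_value(user_input) if escape else user_input
    pattern = assertion_to_regex(value)
    return [uid for uid in DIRECTORY if pattern.fullmatch(uid)]

def build_user_filter(uid):
    """Filter for a single user; the input is escaped and must not be empty."""
    if not uid:
        raise ValueError("uid must not be empty")
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"
```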



Next, we have Host Header Injection. When a server fails to validate the header, the attacker can inject malicious headers into the request; that is Host Header Injection. Using this injection bug, we can do an open redirect to any malicious website. It has a very high impact mainly on cache servers. When the attacker injects malicious headers into a request and the server caches the response and serves it to the other users who send the same request within a particular time, this is called web cache poisoning. Using web cache poisoning, we can do XSS, execute code in the client's browser, and redirect the client. This is possible only while the cached response is alive. Once it is deleted from the cache, we can't do it.

Next, we have the SSRF type. Using the Host Header Injection bug, we can do SSRF. In some conditions, we can take over the victim's account using this bug.
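The validation whose absence is described above can be an allowlist check on the Host header, combined with building absolute URLs from configuration instead of from the request. This is an added example, not code from the original post; the host names, `ALLOWED_HOSTS`, `CANONICAL_ORIGIN` and the header-list format are hypothetical.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"shop.example.com", "www.shop.example.com"}  # hypothetical
CANONICAL_ORIGIN = "https://shop.example.com"                 # hypothetical

def normalise_host(value):
    """Lower-case, drop port and trailing dot; None if the value is malformed."""
    value = value.strip().lower()
    if not value or any(c in value for c in "/@?#\\ \t,"):
        return None
    try:
        host = urlsplit("//" + value).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def check_host(headers):
    """headers: list of (name, value). Returns (accepted, host or reason)."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:
        return False, "missing or duplicate Host header"
    host = normalise_host(hosts[0])
    if host not in ALLOWED_HOSTS:
        return False, "Host not in allowlist"
    # An override header must agree with the allowlist too, otherwise a
    # cache or framework that honours it sees a different host than we checked.
    for name, value in headers:
        if name.lower() == "x-forwarded-host":
            if normalise_host(value) not in ALLOWED_HOSTS:
                return False, "X-Forwarded-Host not in allowlist"
    return True, host

def absolute_url(path):
    """Build links and redirects from configuration, never from the request."""
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError("path must be a single-slash absolute path")
    return CANONICAL_ORIGIN + path

def respond(headers, path):
    """Return (status, location): 400 for a bad Host, else a safe redirect."""
    accepted, _ = check_host(headers)
    if not accepted:
        return 400, None
    return 302, absolute_url(path)
```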

Next, we have XPath injection. When an XML database is used, XPath (XML Path Language) is used to get data from the XML document. These are flat-file database types. Using XPath injection, we can bypass login pages. XPath injection is very similar to SQL injection. An attacker can get all the data from the XML document using XPath injection.

We all know about our next bug. It is the favourite for many of us: XSS (Cross-Site Scripting). We all know about it and we do search for XSS bugs, but are we able to show the right impact? What can XSS actually do? Let's find some answers here.

We have three types of XSS bugs:
1) Reflected
2) Stored
3) DOM-based

Using these three types, we can steal users' cookies. Stealing cookies and session tokens is the most popular impact shown for XSS, but beyond that we can deface a website. Defacing here means that we can control the HTML elements in the web page. We can also retrieve data from the web page. In DOM-based XSS, we can control the data flow.

I hope everyone is clear with the impacts of each type of bug in the injection category. Let us know your queries.

Stay tuned for the next category...

Thank You...


Keep Learning and Keep Growing...

5 comments:

  1. Hi everyone, it’s my first visit at this web site, and piece of writing is really fruitful for me, Quality content is the key to invite the users to go to see the site, that’s what this website is providing. Keep up posting these articles or reviews. You can also visit Top Antivirus for pc for more related information and knowledge.

  2. I just need to say this is a well-informed article which you have shared here about hoodies.trusted cyber security consulting firm It is an engaging and gainful article for us. Continue imparting this sort of info, Thanks to you.

  3. The information in the post you posted here is useful because it contains some of the best information available. Thanks for sharing it. Keep up the good work Cyber Security Operations Consulting Firm.

  4. It is really a helpful blog to find some different source to add my knowledge. Vonex dealer

  5. You've shared such a beautiful collection with us. During this photograph, I appreciated Cyber Security Program in USA the way you expressed your thoughts. Thank you for sharing your blog with us.
