Is the web nowadays getting safer every day, or not? Maybe it is not so safe after all.
There are many tools nowadays for finding vulnerabilities in a website. If a site uses an old version of a CMS, which a skilled attacker can easily determine, it is essential to keep our software updated. Otherwise, an attacker could search the CMS changelog for every vulnerability fix shipped in versions later than the one currently installed.
There are also other tools for hacking websites, but here I will try to explain what kinds of vulnerabilities a website can have using a DIY (Do-It-Yourself) approach. This article does not propose to demonstrate a new type of vulnerability, nor does it pretend to be a demonstration of very advanced knowledge. It is simply a basic explanation of some types of vulnerabilities that can be found on a website and how they can be exploited. It covers:
- SQL Injections
- Cross Site Scripting (XSS)
- Local file inclusion / Remote file inclusion
Very often it is assumed that SQL only gives access to the database. This is generally the case, but SQL is a very versatile language and allows us to do many things ... including reading files on the hard drive. In any case, access to the database is quite catastrophic in itself.
In a SQL Injection attack, the code to be executed is obtained from some parameter of the URL, such as
This is common in many web applications, and everything is fine as long as the information sent by the user is filtered. Since the user input was not escaped, if we visited this URL we would be surprised to see that it shows us the user passwords (hashed with MD5, which can be easily broken).
Doing this transforms the query we make into
SELECT first_name, last_name FROM users WHERE user_id = '1' or 1 UNION select password as first_name, user_id from users # '
Those who are paying attention will ask how I found out that the password field was called password, that the user_id field was called user_id and that the users table was called users. It's simple: since the website is mine and I installed it, I looked in the database :D
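To make the difference concrete, here is an added example (not code from the original article) that builds a constructed in-memory users table with the same columns the article queries and runs the article's injected value against two lookup functions: one that pastes the parameter into the SQL text, and one that binds it as a parameter. The article's payload ends with the MySQL comment marker `#`; SQLite, which this example uses so it runs offline, uses `-- ` for the same purpose, so the payload below is adapted accordingly. The table contents and the `lookup_*` names are assumptions for the demonstration.

```python
import hashlib
import sqlite3

# The article's injected value, with SQLite's "-- " comment marker in place of MySQL's "#".
# Everything after it (the closing quote the application appends) is commented out.
PAYLOAD = "1' or 1 UNION SELECT password AS first_name, user_id FROM users -- "


def make_db():
    """Constructed sample data: a tiny users table with the columns the article names."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT, password TEXT)"
    )
    rows = [
        (1, "admin", "admin", hashlib.md5(b"password").hexdigest()),  # constructed
        (2, "Gordon", "Brown", hashlib.md5(b"abc123").hexdigest()),   # constructed
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """The defect the article describes: user input is spliced into the SQL string."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id):
    """Bound parameters travel separately from the SQL text, so they cannot alter its structure."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def leaked_hashes(rows):
    """Return the set of 32-hex-character values that appear in the first_name column."""
    return {r[0] for r in rows if isinstance(r[0], str) and len(r[0]) == 32}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # password hashes appear as first_name
    print("safe:      ", lookup_safe(db, PAYLOAD))        # no row has that literal user_id
```

Running the vulnerable lookup with `PAYLOAD` returns the password hashes in the `first_name` column, exactly as the article describes; the parameterised lookup returns nothing, because the whole payload is compared against `user_id` as a single value rather than parsed as SQL.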
Cross Site Scripting (XSS)
Cross site scripting is a vulnerability that arises when information received by some means is later embedded in the HTML of our page without being escaped correctly. There are two types of XSS injection that we can find, known in English as reflected and stored. The first is created by modifying some parameter to a value that the administrator did not expect, and the second is generated by displaying information previously saved in the database.
With vulnerabilities of this type we can do many things, among them abusing the trust that the user's browser has in the site. When I browsed the website localhost for the first time, it created in my browser a cookie that stores all the information about me: a session id. This is the only way the server can differentiate and identify users. Once we obtain a user's cookie, we can impersonate their identity.
The stored XSS follows the same logic, except that the information is stored in the database.
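As an added example (not from the original article), the following renders a constructed stored comment into an HTML fragment twice: once by interpolating it raw, the way a vulnerable page does, and once through `html.escape`, which turns the markup characters into entities so the browser shows them as text. It also builds the session-cookie header with the `HttpOnly` flag, a standard mitigation that keeps a script injected into the page from reading the cookie the article describes stealing. The template and the comment text are assumptions for the demonstration.

```python
import html
import re

# Constructed stored comment, as an attacker might save it in the database.
STORED_COMMENT = '<script>alert("xss")</script> nice post'

TEMPLATE = "<div class=\"comment\">{body}</div>"


def render_vulnerable(comment):
    """Embeds the stored value directly: any <script> inside it becomes part of the page."""
    return TEMPLATE.format(body=comment)


def render_safe(comment):
    """html.escape converts < > & and quotes to entities, so the browser renders them as text."""
    return TEMPLATE.format(body=html.escape(comment, quote=True))


def contains_active_markup(fragment):
    """Simple check used here to show the difference: does a real <script> tag survive?"""
    return re.search(r"<script\b", fragment, re.IGNORECASE) is not None


def session_cookie_header(session_id):
    """Set-Cookie header for the session id; HttpOnly hides it from document.cookie,
    Secure limits it to HTTPS and SameSite=Lax limits cross-site sending."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_vulnerable(STORED_COMMENT))  # script tag reaches the browser intact
    print(render_safe(STORED_COMMENT))        # &lt;script&gt;... shown as harmless text
    print(session_cookie_header("constructed-session-id"))
```

Escaping at output time protects both reflected and stored XSS, because the source of the string no longer matters; `HttpOnly` is a second layer for the specific cookie-theft case, not a substitute for escaping.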
File inclusion can be found when a web application includes files based on user input. There are two types of file inclusion: local file inclusion and remote file inclusion. As their names indicate, the local kind includes files on the server itself and the remote kind includes data fetched from another host, always from the server's point of view.
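The following added example (not code from the original article) models a page-include feature over a constructed temporary directory. The vulnerable version joins the request parameter straight onto the pages directory, so a relative path walks out of it; the hardened version accepts only names from an allowlist, refuses anything that looks like a URL (the remote case), and finally confirms that the resolved path still lies inside the pages directory. The directory layout, file names and the `include_*` names are assumptions.

```python
import tempfile
from pathlib import Path

# Constructed site layout: <root>/pages/ holds the includable pages,
# <root>/config.txt stands in for a file that must never be served.
ALLOWED_PAGES = {"home", "about"}


def make_site():
    root = Path(tempfile.mkdtemp())
    pages = root / "pages"
    pages.mkdir()
    (pages / "home.txt").write_text("welcome")
    (pages / "about.txt").write_text("about us")
    (root / "config.txt").write_text("db_password=constructed-secret")
    return root


def include_vulnerable(root, page):
    """Builds the path from user input as-is; '../config.txt' escapes the pages directory."""
    return (root / "pages" / page).read_text()


def include_safe(root, page):
    """Three checks: reject URL-like input, require an allowlisted name, and verify
    that the resolved path is still below the pages directory."""
    if "://" in page:
        raise ValueError("remote inclusion is not permitted")
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    pages = (root / "pages").resolve()
    target = (pages / f"{page}.txt").resolve()
    if not target.is_relative_to(pages):   # Python 3.9+
        raise ValueError("path escapes the pages directory")
    return target.read_text()


def safe_include_rejects(root, page):
    """Helper returning True when include_safe refuses the given input."""
    try:
        include_safe(root, page)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    site = make_site()
    print(include_vulnerable(site, "../config.txt"))  # leaks the config file
    print(include_safe(site, "home"))                 # welcome
    print(safe_include_rejects(site, "../config.txt"))  # True
```

The allowlist alone would already stop both traversal and remote inclusion; the resolved-path check is kept as defence in depth for code paths where the allowlist is later relaxed.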
I hope you liked it!