An attacker embeds harmful code onto the server and uses the code to forge a webpage. When a user opens the webpage, the malicious code is injected into the user’s browser to mount attacks. The attacker can then steal the session cookies to obtain the user’s private information, including passwords and other sensitive information.
XSS attacks are directly harmful to web servers, but they can spread from website to website to impair the users and steal their accounts or passwords. XSS attacks cause various types of damage, as described below:
- Hanging Trojans on websites: Typical attacks embed hidden malicious websites through an IFrame during cross-site access, then redirect victims to malicious websites and display dialog boxes for malicious websites.
- Identity theft: Cookies are used to authenticate user identities when the user loads a specified website. XSS can be exploited to steal the user’s cookie and obtain the user’s permission to perform operations on the website. If a website administrator’s cookies are stolen, the website is exposed to threats.
- Spamming: XSS vulnerabilities are exploited to send unwanted information on behalf of the victim to target user groups in an SNS community.
- Hijacking users’ web behaviors: An advanced type of XSS attack can hijack users’ web behaviors to monitor the browsing history and sent/received data.
- XSS worm: XSS worms place advertisements, generate traffic, embed Trojans on websites, play pranks, corrupt online data, and mount DDoS attacks.
HTTP response splitting is also called the CRLF injection attack. CR and LF correspond to the carriage return and line feed characters.
An HTTP header consists of multiple lines separated by CRLF character pairs. Each line has the structure Key: Value.
If CRLF characters are injected into a portion of the value input by the user, the HTTP header structure may be changed.
By injecting self-defined HTTP header information (such as a session cookie or HTML code), an attacker can launch XSS attacks or session fixation attacks.
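The header-structure change described above, shown as an added example that is not part of the original page: a naive header builder lets one user-supplied value become two header lines, while a validating builder rejects it. The function names and the sample values are hypothetical and constructed for illustration.

```python
import re

# CR, LF and NUL must never appear in a header name or value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_header_naive(name: str, value: str) -> str:
    """Vulnerable pattern: user input is concatenated straight into the header."""
    return f"{name}: {value}\r\n"


def build_header_safe(name: str, value: str) -> str:
    """Hardened pattern: refuse any name or value carrying CR, LF or NUL."""
    if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
        raise ValueError("control character in HTTP header")
    return f"{name}: {value}\r\n"


def parse_header_block(raw: str) -> list[tuple[str, str]]:
    """Split a header block on CRLF the way a receiving client would."""
    headers = []
    for line in raw.split("\r\n"):
        if not line:
            break  # an empty line ends the header section
        key, _, val = line.partition(":")
        headers.append((key.strip(), val.strip()))
    return headers


# Constructed sample input: a parameter that is meant to carry only a path.
BENIGN = "/account/home"
INJECTED = "/account/home\r\nSet-Cookie: session=constructed-value"


def demo() -> dict:
    """Compare what a receiver sees from each builder."""
    naive = parse_header_block(build_header_naive("Location", INJECTED))
    try:
        build_header_safe("Location", INJECTED)
        rejected = False
    except ValueError:
        rejected = True
    safe = parse_header_block(build_header_safe("Location", BENIGN))
    return {"naive": naive, "rejected": rejected, "safe": safe}


if __name__ == "__main__":
    print(demo())
```

Validating at the point where the header is written, rather than where the input is read, covers every code path that can reach the response.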
Web SQL injection is a security vulnerability that occurs at the database layer of apps. It is used to obtain website control permission illegally. Some apps fail to check for SQL instructions in input character strings. As a result, these instructions are mistaken for normal SQL instructions and executed by the database. When this happens, the database is exposed to attacks, which may lead to data theft, modification, or deletion, or even the insertion of malicious code and backdoors into websites.
SQL injection attacks may cause the following damage:
- Confidential data may be stolen.
- Core business data may be tampered with.
- Web pages may be defaced.
- Database servers may be turned into zombie hosts by attacks, or the enterprise website may be attacked.
A webshell attack writes webpage-based Trojans into websites to control the corresponding servers.
Attackers may write web-based Trojan backdoors into websites to operate files and run commands on these websites.
Local file inclusion is a type of vulnerability that occurs when application code fails to implement strict control over the processing of included files. As a result, attackers can execute uploaded static files or website log files as code.
Attackers may exploit this vulnerability to execute commands on servers to get server operation permission. This can then lead to malicious deletion of websites or tampering of user data.
Remote file inclusion is a type of vulnerability that occurs when application code fails to implement strict control over the processing of included files. As a result, attackers can construct parameters including remote code for execution on servers.
Attackers can exploit this vulnerability to execute commands on servers to get server operation permission. This can then lead to malicious deletion of websites or tampering of user data.
Remote code execution is a high-risk security vulnerability. It allows an attacker to exploit a code vulnerability of a server to execute malicious user input on the server.
Attackers can use the vulnerability to execute assembled code.
The FastCGI attack targets a severe security vulnerability in Nginx. By default, the FastCGI module may cause servers to incorrectly parse files of any type as PHP.
Malicious attackers may destroy an Nginx server supporting PHP.