Which type of vulnerability allows an attacker to execute a script in a user browser?

OWASP or Open Web Security Project is a non-profit charitable organization focused on improving the security of software and web applications.

The organization publishes a list of top web security vulnerabilities based on the data from various security organizations.

The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.

• Exploitability –

  What is needed to exploit the security vulnerability? Highest exploitability when the attack needs only web browser and lowest being advanced programming and tools.

• Detectability –

  How easy is it to detect the threat? Highest being the information displayed on URL, Form or Error message and lowest being source code.

• Impact or Damage –

  How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest being nothing at all.

The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most important security vulnerabilities.

The Top 10 security vulnerabilities as per OWASP Top 10 are:

• SQL Injection
• Cross Site Scripting
• Broken Authentication and Session Management
• Insecure Direct Object References
• Cross Site Request Forgery
• Security Misconfiguration
• Insecure Cryptographic Storage
• Failure to restrict URL Access
• Insufficient Transport Layer Protection
• Unvalidated Redirects and Forwards

SQL Injection

Description

Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data.

Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data.

The SQL command which when executed by web application can also expose the back-end database.

Implication

• An attacker can inject malicious content into the vulnerable fields.
• Sensitive data like User Names, Passwords, etc. can be read from the database.
• Database data can be modified (Insert/Update/ Delete).
• Administration Operations can be executed on the database

Vulnerable Objects

• Input Fields
• URLs interacting with the database.

Examples:

• SQL injection on the Login Page

Logging into an application without having valid credentials.

Valid userName is available, and password is not available.

Test URL: http://demo.testfire.net/default.aspx

User Name: sjones

Password: 1=1′ or pass123

SQL query created and sent to Interpreter as below

SELECT * FROM Users WHERE User_Name = sjones AND Password = 1=1′ or pass123;

Recommendations

1. White listing the input fields
2. Avoid displaying detailed error messages that are useful to an attacker.

Cross Site Scripting

Description

Cross Site Scripting is also shortly known as XSS.

XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation.

Attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites.

XSS is an attack which allows the attacker to execute the scripts on the victim’s browser.

Implication:

• Making the use of this security vulnerability, an attacker can inject scripts into the application, can steal session cookies, deface websites, and can run malware on the victim’s machines.

Vulnerable Objects

• Input Fields
• URLs

Examples

1. http://www.vulnerablesite.com/home?”