More than 38% of hackers answered XSS vulnerabilities, followed by SQL injection, fuzz testing, business logic flaws, information collection, SSRF, RCE, enumeration, reverse engineering, IDOR, brute-force attacks, injection, CSRF, validation, XXE and DDoS.

Common network attack modes and their descriptions

XSS (cross-site scripting): this attack usually exploits loopholes left during web page development, using clever methods to inject malicious instruction code into a web page so that, when a user loads the page, the malicious web program crafted by the attacker is executed. These malicious web programs are usually JavaScript, but can also be Java, VBScript, ActiveX, Flash, or even plain HTML. After a successful attack, the attacker may gain, among other things, higher permissions (such as the ability to perform certain operations), private web content, sessions and cookies.

SQL injection: with the growth of B/S (browser/server) application development, the number of programmers writing applications in this pattern keeps increasing. Because their skill and experience vary widely, a considerable number of programmers do not check the validity of user input when writing code, which leaves the application with security risks. A user can submit a piece of database query code and, from the results the program returns, obtain data he wants to know; this is called SQL injection.

Fuzz testing: a method of detecting software vulnerabilities by feeding unexpected inputs to the target system and monitoring for abnormal results.

Business logic: attacks that look for loopholes in the business logic itself, such as modifying the submitted payment amount when placing an order. If the backend does not perform a second verification and uses the tampered data directly, the platform's promotions can be farmed for profit.

Information collection –

SSRF (Server-Side Request Forgery): the server is made to issue requests on the attacker's behalf, so as to obtain data that the client cannot reach directly. SSRF vulnerabilities arise mainly because an interface provided by the server takes the URL of the content to be requested as a parameter, and the URL parameter sent by the client is not filtered.

RCE (remote command/code execution): a vulnerability that allows an attacker to send system commands or code directly to the backend server from a remote location and thereby control the backend system. RCE is divided into remote command execution (for example, through a ping utility) and remote code execution (for example, through an eval-based one-line Trojan).

Enumeration: logging in to the server by enumerating passwords from a dictionary. The login port of a common server is 22 (Windows Server: 3389) and the user name is root (Windows Server: administrator), so passwords can be brute-force cracked by enumeration. After logging in to a server over SSH, you will often see a count of failed login attempts; these are the traces of attempts to crack the server's login password by force. This can be mitigated by changing the port number, the default user name and the maximum number of login attempts, and by using an IP blacklist.
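The failed-login traces mentioned above can be turned into a detection rather than something noticed only at the next login. This is an added example (not from the original post): it parses constructed sshd log lines in the usual syslog format and flags source IPs that exceed a failure threshold, which is the assumed input for an IP blacklist. The threshold value and host names are assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not real data), syslog format.
AUTH_LOG = """\
Mar  3 08:01:12 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 41022 ssh2
Mar  3 08:01:14 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 41022 ssh2
Mar  3 08:01:17 web1 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2
Mar  3 08:01:19 web1 sshd[2105]: Failed password for root from 198.51.100.7 port 41044 ssh2
Mar  3 08:01:21 web1 sshd[2106]: Failed password for invalid user test from 198.51.100.7 port 41051 ssh2
Mar  3 08:02:40 web1 sshd[2110]: Failed password for alice from 203.0.113.9 port 50210 ssh2
Mar  3 08:02:55 web1 sshd[2112]: Accepted publickey for alice from 203.0.113.9 port 50210 ssh2
"""

# Matches both "Failed password for root from ..." and the
# "Failed password for invalid user admin from ..." variant.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(log_text):
    """Return a list of (user, ip) for every failed-password line."""
    out = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            out.append((m.group("user"), m.group("ip")))
    return out


def suspicious_sources(log_text, threshold=3):
    """Map each IP with at least `threshold` failures to
    (failure count, sorted user names tried).

    `threshold` is an assumed tuning value: align it with the maximum
    login attempts you allow, then feed the resulting IPs to a blacklist.
    """
    failures = parse_failures(log_text)
    per_ip = Counter(ip for _, ip in failures)
    users = {}
    for user, ip in failures:
        users.setdefault(ip, set()).add(user)
    return {ip: (n, sorted(users[ip])) for ip, n in per_ip.items() if n >= threshold}
```

A single failure from a known user (alice above) stays below the threshold, while one source cycling through root and non-existent accounts is reported.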

Reverse engineering: restoring source code using reverse techniques such as decompilation. I remember seeing a news story about a company that used decompilation to rebuild a pirated WeChat that could even interoperate with the genuine WeChat.

IDOR (Insecure Direct Object Reference): allows a logged-in user to access information about other users; that is, by changing a parameter when accessing an object, a logged-in user can reach objects he or she is not authorized to access. This is a code logic issue: what a user may read and write while logged in must be restricted on the server side.

Brute force attack: sometimes called password cracking, its purpose is usually to discover login credentials and gain access to websites in order to steal data, vandalize, or distribute malware; these activities in turn can be used to launch further attacks on other targets, such as DDoS and various other network attacks. The load on the attacked server increases.

Injection –

CSRF (Cross-Site Request Forgery): an attack method that tricks a user into performing an unintended action on a web application to which they are currently logged in. Compared with cross-site scripting (XSS): XSS exploits a user's trust in a given website, while CSRF exploits a website's trust in the user's web browser. A common countermeasure, such as the one in Yii2, is to add a hidden CSRF validation field to the submitted form; the server validates it on each request to confirm that the user actually made the request.
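The hidden-field countermeasure described above, as an added example (not Yii2's own code): a per-session secret token is issued, embedded in every state-changing form, and checked on each request in constant time. The dict-based session store and the field name `_csrf` are assumptions standing in for a real framework's session and form objects.

```python
import hmac
import secrets


def issue_csrf_token(session):
    """Create (or reuse) a secret token bound to this session.

    `session` is an assumed dict-like server-side session store."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def hidden_field(session):
    """HTML snippet to place inside every form that changes state."""
    return '<input type="hidden" name="_csrf" value="%s">' % issue_csrf_token(session)


def validate_request(session, form):
    """True only if the submitted form carries the token bound to this session.

    A request forged from another site cannot carry the token, because the
    attacker's page cannot read the victim's form; the comparison is done in
    constant time so the token does not leak through timing differences."""
    expected = session.get("csrf_token")
    submitted = form.get("_csrf")
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))
```

The check must run on every state-changing request (not only on login), and the token must be regenerated whenever a new session is created.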

Validation –

XXE (XML External Entity): an external entity injection attack. Through XML entities, the "SYSTEM" keyword can make the XML parser read data from local files or remote URIs. An attacker can therefore pass a maliciously constructed value through an XML entity, which the handler then parses. When the external entity is referenced, the malicious content can read arbitrary files, execute system commands, probe intranet ports and attack intranet websites.

DDoS (Distributed Denial of Service): an attack in which multiple computers attack the target at the same time, preventing it from functioning properly. Service providers offer traffic (bandwidth) packages to defend against DDoS attacks.