Web Security Vulnerabilities Quiz

Questions and Answers

What is SQL Injection?

A technique used to inject malicious SQL code into a database

Which of the following is a common consequence of a successful SQL injection attack?

• Data compression
• Unauthorized data access (correct)
• Slower database performance
• Data encryption

What can prevent SQL injection attacks?

• Using parameterized queries (correct)
• Disabling the database
• Using stored procedures without user input validation
• Writing longer SQL queries

Which of the following is an example of a SQL injection payload?

1=1 (B)

What is Cross-Site Scripting (XSS)?

A vulnerability that allows an attacker to insert malicious JavaScript into a webpage

Which type of XSS occurs when malicious code is embedded in a URL and executed in the user's browser?

Reflected XSS (B)

What is a common consequence of a successful XSS attack?

Session hijacking (B)

Which of the following can prevent XSS attacks?

Escaping user input (B)

What is Session Hijacking?

Intercepting a valid user session to steal data or perform unauthorized actions

Which of the following is a common method of session hijacking?

Cross-site scripting (XSS) (C)

Which technique can help prevent session hijacking?

Using encrypted cookies and HTTPS (A)

What is the main security flaw exploited in session hijacking?

Insecure transmission of session cookies (C)

Which of the following is an indication of a possible SQL Injection vulnerability?

Users can view sensitive data they are not authorized to access (D)

What is the primary goal of an attacker using SQL injection?

To manipulate or retrieve data from the database

Which of the following is a simple SQL injection attack string?

' OR '1'='1' -- (B)

A parameterized query is effective in preventing which type of attack?

SQL Injection (A)

Which database error might indicate an attempted SQL injection attack?

SQL syntax error (C)

Which type of XSS attack occurs when malicious scripts are permanently stored on a target server?

Stored XSS (B)

How can Content Security Policy (CSP) help in preventing XSS attacks?

By only allowing trusted sources to execute scripts

Which of the following is a likely symptom of a successful XSS attack?

A user sees unexpected pop-ups or alerts on a webpage (D)

Which HTML element is most likely to be exploited in an XSS attack?

<script> (D)

In a reflected XSS attack, what is the main characteristic that distinguishes it from stored XSS?

The malicious script is immediately reflected back to the user's browser without being stored (B)

Which of the following could be a sign that session hijacking has occurred?

The user is logged out unexpectedly, and unauthorized actions are taken (C)

Which of the following attacks involves stealing cookies to hijack a session?

Cross-Site Scripting (XSS) (B)

Which of the following can reduce the risk of session hijacking?

Using long session IDs (D)

Why is HTTPS important in preventing session hijacking?

It encrypts the data, making it harder for attackers to intercept session tokens (A)

What is a common technique used in session hijacking to gain control over a session?

Stealing the session ID via a browser cookie (B)

Which of the following is a type of SQL Injection where the attacker can retrieve data directly from the database?

Error-based SQL Injection

What type of SQL Injection occurs when the application does not return any database error messages, but the attacker can infer database information through conditional responses?

Boolean-based Blind SQL Injection

Which type of SQL Injection uses the UNION operator to combine results from multiple SELECT statements?

Union-based SQL Injection (B)

What is the main goal of a SQL injection attack?

The main goal of a SQL injection attack is to manipulate a web application's database by injecting malicious SQL queries to retrieve, modify, or delete sensitive data, bypass authentication, or execute administrative operations.

Describe Error-based SQL Injection.

Error-based SQL Injection relies on causing database errors that return information about the database structure, such as table names or column names, to the attacker. This technique is used to extract data by exploiting error messages.

How does Boolean-based Blind SQL Injection work?

Boolean-based Blind SQL Injection works by sending SQL queries that cause the application to return different responses (e.g., true or false) depending on the query's result. The attacker can infer information about the database without seeing actual data or error messages.

What is Union-based SQL Injection?

Union-based SQL Injection uses the UNION operator to combine the results of a legitimate query with the results of a malicious query. This allows the attacker to retrieve additional data from the database and append it to the original query's result.

What are the three main types of XSS attacks?

The three main types of XSS attacks are:

Stored XSS: Malicious scripts are permanently stored on the target server (e.g., in a database) and executed when users load the affected page.

Reflected XSS: The malicious script is included in a URL or form input and executed immediately when the server reflects it back in the response.

DOM-based XSS: The attack happens on the client-side when JavaScript modifies the web page's DOM (Document Object Model), allowing malicious code to be executed.

How does Stored XSS differ from Reflected XSS?

In Stored XSS, the malicious script is stored on the server (e.g., in a database) and executed whenever users access the page. In Reflected XSS, the script is not stored but rather injected into a URL or input, and it is immediately executed as part of the server's response to the user.

How does session hijacking typically occur?

Session hijacking typically occurs when an attacker steals or intercepts a user's session ID, usually through methods like network sniffing, cross-site scripting (XSS), or session fixation. Once the attacker has the session ID, they can use it to impersonate the user.

What is a session ID, and why is it important in session management?

A session ID is a unique identifier that a server assigns to each user during a session, allowing the server to track user actions and maintain their authenticated state. It is important because it ensures continuity between multiple requests during a session, such as when a user logs in and navigates a website.

Flashcards

SQL Injection

A technique used to inject malicious SQL code into a database, often to manipulate or retrieve data.

Consequence of SQL Injection?

Unauthorized access to data stored within a database.

Preventing SQL Injection

A method that prevents attackers from injecting malicious SQL code by separating data and queries.

SQL Injection Payload

A string of characters that can be used to exploit a SQL Injection vulnerability, often tricking the database into returning unintended results.

Cross-Site Scripting (XSS)

A type of web security vulnerability that allows attackers to inject malicious JavaScript code into a web page, often targeting user interactions.

Reflected XSS

A type of XSS attack where malicious scripts are embedded within URLs and executed when the user clicks on the link.

Session Hijacking

The ability of an attacker to hijack a user's session after they have logged in, allowing them to access sensitive data or perform actions as the user.

Session Hijacking Method

Cross-Site Scripting (XSS) attacks are a common method for carrying out session hijacking.

Error-based SQL Injection

A type of SQL Injection that relies on database error messages to reveal information about the database structure.

Boolean-based Blind SQL Injection

A type of SQL Injection where the attacker can guess database information by observing the application's response to specific queries.

Union-based SQL Injection

A type of SQL Injection that uses the UNION operator to combine results from multiple queries, often extracting data from the database.

Sign of SQL Injection

A user might be able to view data that they are not authorized to access.

SQL Injection Goal

The primary goal of a SQL Injection attack is to manipulate or retrieve data from the database.

Simple SQL Injection String

A simple SQL Injection string that always evaluates to true, allowing the attacker to bypass authentication checks.

Preventing SQL Injection

Using parameterized queries is a key technique for preventing SQL Injection attacks.

SQL Injection Error

A database error, such as a syntax error, can indicate an attempted SQL Injection attack.

Stored XSS

A type of XSS attack where malicious scripts are permanently stored on the target server and executed whenever the page loads.

Preventing XSS with CSP

Content Security Policy (CSP) helps prevent XSS attacks by controlling which sources can execute scripts.

Sign of XSS

A user may notice unexpected pop-ups or alerts on a webpage.

XSS Target Element

The input element is often targeted in XSS attacks because it allows users to enter arbitrary text, which could be used to inject malicious scripts.

Characteristics of Reflected XSS

Reflected XSS is characterized by the malicious script being immediately reflected back to the user's browser without being stored on the server.

Sign of Session Hijacking

A user might be logged out unexpectedly, and unauthorized actions may be taken.

XSS and Session Hijacking

Cross-Site Scripting (XSS) is a common attack method used in session hijacking.

Preventing Session Hijacking

Using longer session IDs can reduce the risk of session hijacking by making it harder for attackers to guess or intercept them.

HTTPS and Session Hijacking

HTTPS encrypts data during transmission, making it harder for attackers to intercept session information.

Session Hijacking Technique

A common technique in session hijacking is stealing the session ID through a cookie.

Study Notes

SQL Injection

• A technique used to inject malicious SQL code into a database.
• A common consequence of a successful SQL injection attack is unauthorized data access.
• Using parameterized queries can prevent SQL injection attacks.
• An example of a SQL injection payload is ' OR '1'='1' --.

Cross-Site Scripting (XSS)

• A vulnerability that allows attackers to insert malicious JavaScript into a webpage.
• A common consequence of a successful XSS attack is database corruption.
• Escaping user input can prevent XSS attacks.
• Reflected XSS occurs when malicious code is embedded in a URL and executed in the user's browser.
• Stored XSS occurs when malicious code is permanently stored on a server.
• An example of an XSS payload is <script>alert("XSS")</script>.

Session Hijacking

• Intercepting a valid user session to steal data or perform unauthorized actions.
• A common method of session hijacking is stealing cookies.
• Using encrypted cookies and HTTPS can help prevent session hijacking.
• A main security flaw exploited in session hijacking is insecure transmission of session cookies.
• A sign of a possible session hijacking is unexpected logout and unauthorized actions.

Additional SQL Injection Concepts

• Error-based SQL injection relies on causing database errors to extract data.
• Boolean-based blind SQL injection uses conditional responses to infer database information.
• Union-based SQL injection combines results from legitimate and malicious queries.
• A SQL injection vulnerability might be indicated by a network timeout error.
• A parameterized query can prevent SQL injection attacks.

Additional XSS Concepts

• Stored XSS is when malicious scripts are permanently stored on a server.
• Reflected XSS is when malicious scripts are injected into a URL and reflected back to the user.
• DOM-based XSS occurs when JavaScript modifies the web page's DOM, allowing malicious code.
• Content Security Policy (CSP) can help prevent XSS attacks by only allowing trusted sources to execute scripts.
• Signs of a possible XSS attack include unexpected pop-ups or alerts on a webpage.
• The <script> HTML element is most likely to be exploited in an XSS attack.

Additional Session Hijacking Concepts

• Using long session IDs can reduce the risk of session hijacking.
• HTTPS is important because it encrypts data, making it harder to intercept session tokens.
• Stealing the session ID via a browser cookie is a common session hijacking technique.

Additional General Concepts

• A session ID is a unique identifier that a server assigns to each user during a session.
• Session management uses session IDs to track user actions and ensure continuity.

Description

Test your knowledge on common web security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Session Hijacking. This quiz covers detection methods, prevention techniques, and real-world examples of these security issues. Improve your understanding of web security practices!