XSS attack

Description

In most cases, cross-site scripting (XSS) attacks occur on clients and can be used to steal sensitive data such as passwords, perform phishing attacks, and spread malware. Attackers can use HTML, JavaScript, VBScript, and ActionScript scripts to launch XSS attacks.

In most cases, attackers store malicious code on a server as a web page. If a user opens the web page, the malicious code that is stored on the web page is injected into the browser of the user and is executed. This launches an XSS attack. During an XSS attack, the attacker steals session cookies to obtain sensitive data, such as passwords.

Impacts

XSS attacks target the users of websites rather than web servers. XSS attacks can spread based on websites and cause severe negative impacts on websites. Attackers can launch XSS attacks to steal the sensitive data of users. XSS attacks can cause the following impacts:
  • Phishing scam: Attackers exploit the reflected XSS vulnerability of target websites to redirect requests that are destined for the target websites to phishing websites, or inject phishing JavaScript scripts to monitor the form input of the target websites. Attackers can also launch sophisticated phishing attacks based on DHTML technology.
  • Trojan attack: Attackers use iframe tags to embed hidden malicious websites into the scripts of target websites. When users visit the target websites, the users are directed to the malicious websites, or the pop-ups of the malicious website are displayed.
  • Identity theft: Attackers steal the cookie of a user and then obtains the operation permissions of the user on a website. If attackers steal the cookie of a user that has administrative rights on a website, serious problems may arise.
  • Sensitive data theft: After attackers steal user identities and obtain the operation permissions, the sensitive data of users is also exposed.
  • Spam attack: On social networking websites, attackers can use the identities of attacked users to send a massive amount of spam to target groups in batches.
  • Hijacking: In sophisticated XSS attacks, attackers hijack the web-related behavior of users to monitor user browsing histories and other web operations, such as sending and receiving data.
  • XSS worm: Attackers use XSS worms to perform malicious behavior such as advertising, fake traffic generation, trojan insertion, pranking, online data destruction, and DDoS attacks.

CRLF injection attack

Description

Carriage Return Line Feed (CRLF) injection attacks split HTTP response headers. CRLF injection is also referred to as the HTTP response splitting vulnerability. CR stands for carriage return characters and LF stands for line feed characters.

The HTTP header information consists of multiple rows that are separated by CRLF combinations. Each row is in the key: value format. If CRLF characters are injected into a value, the HTTP header format may be changed.

Impacts

Attackers can inject custom HTTP header information such as session cookies or HTML code to carry out attacks such as XSS attacks or session fixation attacks.

SQL injection attack

Description

SQL injection is a security vulnerability that exists at the database layer of applications. SQL injection attacks are widely used to obtain unauthorized control of websites.

If applications do not check the SQL statements that are included in input strings, the malicious SQL statements that are submitted by attackers are regarded as normal SQL statements and executed by databases. As a result, the databases are attacked and data is leaked, modified, or deleted. Malicious code may also be injected into websites and backdoors may be installed.

Impacts

SQL injection attacks can cause the following impacts:
  • Confidential data is stolen.
  • Core business data is tampered with.
  • Web pages are tampered with.
  • The servers on which databases are located are attacked and turned into zombies controlled by attackers. A corporate intranet may also be attacked.

Webshell attack

Description

A webshell attack is an attack in which attackers inject trojans into targeted web servers to take control of the web servers.

Impacts

If attackers launch webshell attacks on websites of users, backdoors into the websites are provided. Then, the attackers can perform operations such as file modification and code execution on the websites.

Local file inclusion

Description

Local file inclusion is an attack that can be launched when the program code does not strictly control the files to be processed. Attackers can execute uploaded static files or website log files as code.

Impacts

Attackers exploit this vulnerability to execute commands on servers and obtain server permissions. This vulnerability may cause serious consequences. For example, websites are unexpectedly deleted, and user data and transaction data are tampered with.

Remote file inclusion

Description

Remote file inclusion is an attack that can be launched when the program code does not strictly control the files to be processed. Attackers can construct parameters (including remote code) and execute them on servers.

Impacts

Attackers exploit this vulnerability to execute commands on servers and obtain server permissions. This vulnerability may cause serious consequences. For example, websites are unexpectedly deleted, and user data and transaction data are tampered with.

Remote code execution

Description

Remote code execution is also referred to as code injection. Remote code execution is a high-risk vulnerability that allows attackers to exploit server code vulnerabilities to execute malicious code on servers.

Impacts

Attacker can exploit this vulnerability to execute assembled code on servers.

FastCGI attack

Description

The FastCGI vulnerability is a serious vulnerability on NGINX web servers. The FastCGI module may cause servers to parse all types of files based on PHP.

Impacts

Attackers can attack the NGINX web servers that support PHP.