The URL Cruise Missile
Use the graphic below to answer the following questions:
| Protocol | Host | Name | Path Parameters |
|---|---|---|---|
| http:// | www.buyitnow.tv | /add.asp | ?item=price#1999 |
1. Which part of the URL can be manipulated by an attacker to exploit a vulnerable back-end database system?
2. Which part of the URL can be manipulated by an attacker to cause a vulnerable web server to dump the /etc/passwd file? Also, name the attack used to exploit this vulnerability.
3. Name three threat agents that can pose a risk to your organization.
4. What kinds of sources can act as an attack vector for injection attacks?
5. Injection attacks exploit which part of the CIA triad?
6. Which two mitigation methods can be used to thwart injection attacks?
1. Path parameters.
2. Path parameters. It uses a Local File Inclusion (LFI) attack.
3. Malware, viruses, spam, network monitoring, etc.
4. Data input fields like the comment section, name section, numbers, etc.
5. All three parts. A SQLi vulnerability might allow unauthorized access to any data residing on the database server, compromising the data confidentiality of the organization. By executing SQL DDL statements, we can alter databases, which causes integrity and repudiation issues. A SQLi vulnerability can be exploited by an attacker to delete a database. Recovery from backup can take some time, causing unavailability of the application and resulting in DoS.
6. Using a firewall, encrypting sensitive data stores in the database, updating and patching software, and reducing the attack surface.
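An added example, not part of the original question or answer: the URL from the graphic is split into its parts, and the parameter value is then handled as untrusted input on the server side. The in-memory table, the function names and the `/srv/pages` directory are constructed for illustration; the two checks shown are a bound SQL parameter and a path containment test.

```python
import sqlite3
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

URL = "http://www.buyitnow.tv/add.asp?item=price#1999"  # URL from the graphic

def split_url(url):
    """Split the URL into the parts labelled in the graphic, plus the fragment."""
    u = urlsplit(url)
    # Everything after '#' is the fragment, which a browser keeps client-side;
    # only the query string before it reaches the server.
    return {"protocol": u.scheme, "host": u.netloc, "name": u.path,
            "parameters": parse_qs(u.query), "fragment": u.fragment}

def demo_db():
    """Constructed in-memory table standing in for the back-end database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, price INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("price", 1999), ("other", 5)])
    return db

def lookup_item(db, item):
    """Bind the value as a parameter; it is never concatenated into the SQL text."""
    sql = "SELECT name, price FROM items WHERE name = ?"
    return db.execute(sql, (item,)).fetchall()

def resolve_under(base, requested):
    """Return the resolved path only if it stays inside base, otherwise None."""
    base = Path(base).resolve()
    target = (base / requested).resolve()  # collapses '..' and absolute paths
    if target == base or base in target.parents:
        return target
    return None

if __name__ == "__main__":
    parts = split_url(URL)
    print(parts)
    db = demo_db()
    item = parts["parameters"]["item"][0]
    print(lookup_item(db, item))                      # matches one row
    print(lookup_item(db, "price' OR '1'='1"))        # treated as a literal name
    print(resolve_under("/srv/pages", "help.html"))   # stays inside the base
    print(resolve_under("/srv/pages", "../../etc/passwd"))  # rejected
```
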