(Image caption: Nothing to do with security, just a relaxing picture of Basel)
Cross Site Scripting, Cross Site Request Forgery, SQL Injection and HTTP Response Splitting are all examples of injection attacks. However, almost anything can be, and has been, used to attack sites in one way or another. A number of further attacks are outlined here to highlight this fact.
Null Character Injection
In Java the null character (0x00 in hexadecimal) is a valid character within a string, but in C and C++ it marks the end of a string. Since the code that talks to the operating system is written in C or C++, a string that passes every check in Java can be silently cut short at the null once it reaches the operating system, and this can lead to vulnerabilities.
OS Injection
This happens when a user supplies malicious input that is passed on to the operating system. If they can gain root privileges they can wipe the machine clean with a command sequence like cd / followed by rm -r *, and it is not easy to restore or reinstall a system in this state since the boot loader is not removed. An inexperienced systems administrator, or one under pressure to restore service instantly, might simply bulk erase the disk, removing any possibility of using forensic tools to find the origin of the attack or, if the system has not been backed up recently, of recovering information. More subtly, files could be emptied or altered in the hope that the attack would not be discovered until the damaged files had been backed up a few times.
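The two points above (null truncation and input reaching the operating system) can be seen together in one script. This is an added example, not code from the original article: it uses ctypes.c_char_p to read a buffer exactly as C would, so the difference between a managed length and a C length is visible, and it shows the defensive pattern for OS interaction: allow-list validation (which also catches null bytes and leading-hyphen "arguments"), an argument vector instead of a shell string, and shlex.quote as a fallback. The tool name "lookup-tool" is a placeholder and the sample inputs are constructed.

```python
import ctypes
import re
import shlex
import subprocess

# Allow-list for a DNS host name: labels of letters, digits and hyphens, joined by dots.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Hypothetical command-line tool the web application wraps (placeholder name).
LOOKUP_TOOL = "lookup-tool"


def c_visible(data: bytes) -> bytes:
    """What a C string function sees: the bytes before the first NUL.

    ctypes.c_char_p(...).value reads the buffer as a NUL-terminated C string,
    so everything after \\x00 is invisible to C code.
    """
    return ctypes.c_char_p(data).value


def compare_views(data: bytes) -> dict:
    """Managed-language view versus C view of the same buffer."""
    seen_by_c = c_visible(data)
    return {
        "managed_length": len(data),          # every byte counts
        "c_length": len(seen_by_c),           # stops at the NUL
        "c_sees": seen_by_c,
        "extension_check_passes": data.endswith(b".pdf"),
    }


def validate_hostname(value: str) -> str:
    """Reject nulls (truncation) and anything outside the allow-list.

    The allow-list rejects shell metacharacters (; | & $ ` etc.) and, because a
    label must start with a letter or digit, also "-flag" style argument injection.
    """
    if "\x00" in value:
        raise ValueError("embedded null byte rejected")
    if len(value) > 253 or HOSTNAME_RE.match(value) is None:
        raise ValueError(f"rejected input: {value!r}")
    return value


def is_acceptable(value: str) -> bool:
    try:
        validate_hostname(value)
        return True
    except ValueError:
        return False


def build_argv(value: str) -> list:
    """Argument vector for the tool; no shell ever parses the user value."""
    return [LOOKUP_TOOL, validate_hostname(value)]


def shell_form(value: str) -> str:
    """Only if a shell string is unavoidable: quote so metacharacters are literal."""
    return shlex.quote(value)


def run_lookup(value: str) -> subprocess.CompletedProcess:
    """Execute with shell=False so argv elements stay separate arguments."""
    return subprocess.run(build_argv(value), shell=False, capture_output=True, text=True, timeout=10)


# Constructed samples: a null-byte filename and a few host name inputs.
SAMPLE_NULL = b"report.txt\x00.pdf"
SAMPLE_HOSTS = ["host.example.org", "host.example.org; ls", "-v", "host\x00.example.org"]


if __name__ == "__main__":
    print(compare_views(SAMPLE_NULL))
    for host in SAMPLE_HOSTS:
        print(repr(host), "accepted" if is_acceptable(host) else "rejected")
```

Python's own os functions already raise ValueError on an embedded null byte, which is the same check applied at the language boundary; the validator here makes the rejection explicit and gives it a proper error message before the value reaches any native call.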
Log Injection
An attacker might include \r\n (a carriage return and line feed) in their input; if this is logged unchanged, they will have forged a log entry. This could be used to damage a company's case in court or to damage its reputation. Such an attack would class as an Advanced Persistent Threat, since it would target only one company at a time and would require reconnaissance.
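An added example (not from the original article) of the defence: escape control characters before a user-controlled value is written, so that one input always stays one log record, and flag records whose escaped form shows that a CRLF was attempted. The forged input and log lines are constructed.

```python
import re

# Any C0 control character (includes \r, \n, \t) or DEL.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_log(value: str) -> str:
    """Escape control characters so one user input stays on one log line."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_entry(user: str, message: str) -> str:
    """Structured entry; every user-controlled field goes through the sanitizer."""
    return f"user={sanitize_for_log(user)} msg={sanitize_for_log(message)}"


def count_entries(log_text: str) -> int:
    """Number of records a line-oriented log reader would see."""
    return len(log_text.splitlines())


def attempted_injection(line: str) -> bool:
    """Detection on a sanitized log: an escaped CR or LF means someone sent one."""
    return "\\x0d" in line or "\\x0a" in line


# Constructed attacker input: CRLF followed by a fake record.
FORGED = "hello\r\nuser=admin msg=login granted"


def demo() -> dict:
    unsafe_log = f"user=guest msg={FORGED}\n"        # naive concatenation
    safe_log = format_entry("guest", FORGED) + "\n"  # sanitized
    return {
        "unsafe_entries": count_entries(unsafe_log),  # reader sees a second, forged record
        "safe_entries": count_entries(safe_log),      # still one record
        "safe_line": safe_log.rstrip("\n"),
        "flagged": attempted_injection(safe_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```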
Directory Traversal
Here the site allows users to retrieve files, and an attacker uses this to fetch arbitrary files, for example the list of user names and passwords. Even though these are stored encrypted, once the file is downloaded the attacker can attack it at leisure.
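An added example, not code from the original article, of a file-retrieval endpoint that confines every request to its base directory. The check runs on the resolved path (realpath collapses ".." and follows symlinks) rather than on the text the user sent, and a null byte is rejected up front. The directory layout is constructed in a temporary directory.

```python
import os
import tempfile


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve a user-supplied path inside base_dir, or raise.

    realpath() collapses '..' and follows symlinks, so the containment check
    runs on the path the OS would actually open, not on the request text.
    """
    if "\x00" in user_path:
        raise ValueError("null byte in path")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def read_public_file(base_dir: str, user_path: str) -> bytes:
    with open(safe_join(base_dir, user_path), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Constructed layout: base/public/readme.txt is served, base/secret.txt is not."""
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public")
        os.makedirs(os.path.join(public, "docs"))
        with open(os.path.join(public, "readme.txt"), "wb") as fh:
            fh.write(b"hello")
        with open(os.path.join(tmp, "secret.txt"), "wb") as fh:
            fh.write(b"top secret")
        served = {
            "readme.txt": read_public_file(public, "readme.txt"),
            # '..' that stays inside the base is fine once resolved
            "docs/../readme.txt": read_public_file(public, "docs/../readme.txt"),
        }
        blocked = []
        # an absolute path makes os.path.join discard the base, hence the realpath check
        for attempt in ("../secret.txt", "/etc/passwd", "docs/../../secret.txt"):
            try:
                read_public_file(public, attempt)
            except PermissionError:
                blocked.append(attempt)
        return {"served": served, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```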
XML Injection
Here XML elements contain malicious content, much as in LDAP and SQL injection. Again this is a specialised attack.
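An added example (not from the original article) showing the mechanism and two fixes side by side: a document built by string concatenation lets a user value become markup, whereas escaping the value or building the document with the ElementTree API keeps it as text. The injected name and the document template are constructed.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_user_xml_unsafe(name: str, role: str) -> str:
    """String concatenation: user input becomes markup."""
    return f"<user><name>{name}</name><role>{role}</role></user>"


def build_user_xml_escaped(name: str, role: str) -> str:
    """Same template, but every user value is escaped (&, <, >)."""
    return f"<user><name>{escape(name)}</name><role>{escape(role)}</role></user>"


def build_user_xml_tree(name: str, role: str) -> str:
    """Build with the tree API; the serializer escapes text content itself."""
    user = ET.Element("user")
    ET.SubElement(user, "name").text = name
    ET.SubElement(user, "role").text = role
    return ET.tostring(user, encoding="unicode")


def roles_in(xml_text: str) -> list:
    """What a consumer of the document would read back as the user's roles."""
    root = ET.fromstring(xml_text)
    return [r.text for r in root.findall("role")]


def name_in(xml_text: str) -> str:
    return ET.fromstring(xml_text).find("name").text


# Constructed input: a "name" that closes its element and opens new ones.
INJECTED_NAME = "bob</name><role>admin</role><name>"


def demo() -> dict:
    return {
        "unsafe_roles": roles_in(build_user_xml_unsafe(INJECTED_NAME, "user")),
        "escaped_roles": roles_in(build_user_xml_escaped(INJECTED_NAME, "user")),
        "tree_roles": roles_in(build_user_xml_tree(INJECTED_NAME, "user")),
        "tree_name_round_trips": name_in(build_user_xml_tree(INJECTED_NAME, "user")) == INJECTED_NAME,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```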
Buffer Overflow
If user input is not handled safely, an attacker can supply a string that exceeds the capacity of the buffer designed to hold it, overwriting other parts of memory. With luck, skill and reconnaissance the attacker can then inject their own code into the system, or simply crash the application. It is rare in Java and other managed languages, but occurs in web applications written in languages that do not handle buffers safely.
Random Input Attack
At one time smart cards could be attacked by stressing them and feeding them random data until some input caused them to output all the data on the card. This attack could also be combined with a buffer overflow attack, but it seems to have fallen out of fashion, probably because card makers and web application designers have learned how to defend against this sort of attack. It is probably due for a revival.
Insecure Direct Object Reference
Here a direct object reference is used insecurely: for example, an account number or price is exposed to the client, and the attacker can manipulate it to their benefit. The risk can be mitigated by storing the data in the browser session and using indirect references that map to the actual values. Although more complicated, another approach is to keep the actual values on the server and map the indirect references sent by the browser to those values on the server.
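An added example, not the article's own code, of the second approach: the server hands the browser opaque per-session tokens, keeps the token-to-account map on the server, and refuses a token that belongs to another session as well as a guessed real account number. The accounts, sessions and balances are constructed.

```python
import secrets


class IndirectReferenceMap:
    """Server-side, per-session map from opaque tokens to real object ids.

    The client only ever sees tokens; the real account number never leaves
    the server, and a token minted for another session does not resolve.
    """

    def __init__(self):
        self._tables = {}  # session_id -> {token: real_id}

    def expose(self, session_id: str, real_id: str) -> str:
        table = self._tables.setdefault(session_id, {})
        for token, rid in table.items():
            if rid == real_id:
                return token  # stable within one session
        token = secrets.token_urlsafe(16)  # unguessable, unrelated to real_id
        table[token] = real_id
        return token

    def resolve(self, session_id: str, token: str) -> str:
        table = self._tables.get(session_id, {})
        if token not in table:
            raise PermissionError("unknown reference for this session")
        return table[token]


# Constructed back-end data.
ACCOUNTS = {
    "ACC-1001": {"owner": "alice", "balance": 120},
    "ACC-1002": {"owner": "bob", "balance": 9500},
}


def accounts_for(owner: str) -> list:
    return [acc for acc, row in ACCOUNTS.items() if row["owner"] == owner]


def render_account_list(refs: IndirectReferenceMap, session_id: str, owner: str) -> list:
    """What the page sends to the browser: tokens, not account numbers."""
    return [refs.expose(session_id, acc) for acc in accounts_for(owner)]


def view_balance(refs: IndirectReferenceMap, session_id: str, token: str) -> int:
    """Request handler: the token is mapped back to the real id on the server."""
    return ACCOUNTS[refs.resolve(session_id, token)]["balance"]


def demo() -> dict:
    refs = IndirectReferenceMap()
    alice_tokens = render_account_list(refs, "sess-alice", "alice")
    bob_tokens = render_account_list(refs, "sess-bob", "bob")
    result = {
        "alice_balance": view_balance(refs, "sess-alice", alice_tokens[0]),
        "tokens_leak_ids": any(t in ACCOUNTS for t in alice_tokens + bob_tokens),
    }
    blocked = []
    # Alice's session tries Bob's token, then a guessed real account number.
    for attempt in (bob_tokens[0], "ACC-1002"):
        try:
            view_balance(refs, "sess-alice", attempt)
        except PermissionError:
            blocked.append(attempt)
    result["blocked"] = blocked
    return result


if __name__ == "__main__":
    print(demo())
```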
Any part of a system or web application can serve as an attack point. A general principle of defence is a zero trust policy. Since this has performance implications, however, a balance needs to be struck: some code may be relatively lightly protected, while other code, for example safety critical code, is heavily protected and perhaps triplicated, with the accepted output being a majority vote of all copies, so that if one copy is compromised it becomes obvious.
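An added example (not from the original article) of the triplication idea: three independent implementations of the same step are run, the majority result is accepted, and the index of any dissenting copy is reported so a compromised copy stands out. The three implementations, one of them tampered with, are constructed.

```python
from collections import Counter


def majority_vote(outputs: list) -> tuple:
    """Accept the value that at least two of three independent copies produced.

    Returns (accepted_value, indices_of_dissenting_copies). Raises if there is
    no majority at all, which is itself a signal that something is badly wrong.
    """
    if len(outputs) != 3:
        raise ValueError("triplicated code yields exactly three outputs")
    value, agree = Counter(outputs).most_common(1)[0]
    if agree < 2:
        raise RuntimeError("no majority: all copies disagree")
    return value, [i for i, v in enumerate(outputs) if v != value]


def run_triplicated(copies: list, *args) -> tuple:
    """Run three implementations of the same function and vote on the result."""
    return majority_vote([fn(*args) for fn in copies])


# Constructed: three implementations of a 2% interest step, the third tampered with.
def apply_interest_a(balance: int) -> int:
    return balance + balance * 2 // 100


def apply_interest_b(balance: int) -> int:
    return balance * 102 // 100


def apply_interest_tampered(balance: int) -> int:
    return balance * 2  # a compromised copy


if __name__ == "__main__":
    value, dissenters = run_triplicated([apply_interest_a, apply_interest_b, apply_interest_tampered], 1000)
    print("accepted:", value, "dissenting copies:", dissenters)
```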
The references here describe only some of the attacks. Googling the attack names given above will reveal a ton of links. The OWASP links are good for someone with a moderate technical knowledge of security.
- http://www.cse.scu.edu/~tschwarz/coen152_05/Lectures/BufferOverflow.html This also gives an example of a directory traversal attack used to retrieve the password file. The buffer overflow section involves C, since languages like Java make this attack hard.
The following links point to earlier articles in this series.