Exploits :
An exploit is a piece of software of chunk of data that takes advantage
of vulnerability or bug in order to cause unintended or unanticipated
behavior to occur on computer
Types of Exploits :
Exploits are of many types, but the most popular ones that are commonly used this days are as follows :
1) Xss(Cross site scripting)
2) Sql injection
3) Clickjacking
4) DDos attack
5) POC attack (Proof of concept)
6) Spoofing
Small Introduction for few of them is written below. But before that, Please take a second to Bookmark TechAttacks for your later use or For more Updates Follow us on our BLOG or get tuned by simply Liking Tech-Attacks on Facebook.
XSS / CSS (Cross Site Scripting) :
Cross-site scripting or XSS is a threat to a website's security. It is
the most common and popular hacking a website to gain access information
from a user on a website. There are hackers with malicious objectives
that utilize this to attack certain websites on the Internet. But mostly
good hackers do this to find security holes for websites and help them
find solutions. Cross-site scripting is a security loophole on a website
that is hard to detect and stop, making the site vulnerable to attacks
from malicious hackers. This security threat leaves the site and its
users open to identity theft, financial theft and data theft. It would
be advantageous for website owners to understand how cross-site
scripting works and how it can affect them and their users so they could
place the necessary security systems to block cross-site scripting on
their website.
SQL Injection :
SQL Injection involves entering SQL code into web forms, eg. login
fields, or into the browser address field, to access and manipulate the
database behind the site, system or application.
When you enter text in the Username and Password fields of a login
screen, the data you input is typically inserted into an SQL command.
This command checks the data you've entered against the relevant table
in the database. If your input matches table/row data, you're granted
access (in the case of a login screen). If not, you're knocked back out.
DDos attack :
A denial of service attack (DOS) is an attack through which a person can
render a system unusable or significantly slow down the system for
legitimate users by overloading the resources, so that no one can access
it.this is not actually hacking a website but it is used to take down a
website.
If an attacker is unable to gain access to a machine, the attacker most
probably will just crash the machine to accomplish a denial of service
attack, this one of the most used method for website hacking.
POC(Proof of concept) :
In computer security the term proof of concept (proof of concept code or
POC) is often used as a synonym for a zero-day exploit which, mainly
for its early creation, does not take full advantage over some
vulnerability. This was the same attack.
Clickjacking :
This attack was made on twitter,After the micro-blogging site immunized
its users against a fast-moving worm that caused them to unintentionally
broadcast messages when they clicked on an innocuous-looking button,
hackers have found a new way to exploit the clickjacking vulnerability.
The latest attack comes from UK-based web developer Tom Graham, who
discovered that the fix Twitter rolled out wasn't applied to the mobile
phone section of the site. By the time we stumbled on his findings, the
exploit no longer worked. But security consultant Rafal Los sent us a
minor modification that sufficiently pawned a dummy account we set up for
testing purposes.
The exploit is the latest reason to believe that clickjacking, on
Twitter and elsewhere, is here to stay, at least until HTML
specifications are rewritten. No doubt web developers will continue to
come up with work-around, but hackers can just as quickly find new ways
to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself.
It's pulled off by hiding the target URL within a specially designed
iframe that's concealed by a decoy page that contains submission
buttons. Virtually every website and browser is susceptible to the
technique.
Spoofing :
According to Wikipedia spoofing In the context of network security, a
spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data and thereby
gaining an illegitimate advantage.
No comments:
Post a Comment