
ContentType Injection

Content spoofing, also known as content type injection, is an attack that targets users by injecting vulnerabilities into web applications. When user-supplied data is not properly sanitized, an attacker can supply malicious content that is reflected back to the user under the context of the trusted domain. This attack exploits code vulnerabilities and user trust. Content type injection attacks include SQL injection, cross-site scripting, OS command injection, and code injection. Proper input validation, filtering, encoding of user inputs, and regular vulnerability scanning can help prevent these attacks. SQL injection is demonstrated by adding a single quote to a URL parameter, revealing an SQL error and database vulnerability.

Uploaded by

pavan pk

Expt 10: Content Type Injection

Content spoofing, also referred to as content type injection, is an attack that targets a user and is made possible by an injection vulnerability in a web application.

When an application does not properly handle user-supplied data, an attacker can supply content to the web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.

Typically this attack exploits a code-based vulnerability and a user's trust.

A few examples of content type injection attacks:

SQL injection, Cross-Site Scripting (XSS), OS Command Injection, Code Injection (Remote Code Execution), ...

Preventing content type injection attacks:

-> Careful and thoughtful validation, filtering, and encoding of all user-controlled inputs can help to prevent the vast majority of injection vulnerabilities.

-> To minimize attacks, regularly scan your web applications with an industry-leading web vulnerability scanner so that you can eliminate vulnerabilities faster.

-- For the remaining practicals, follow the SQL injection practical as shown below --


Practicals:

-> SQL injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
-> The SQL injection technique exploits a security vulnerability in an application's software, for example when user input is incorrectly filtered for string literal escape characters embedded in SQL statements, or when user input is not strongly typed and is unexpectedly executed.
-> SQL injection is known as an attack vector for websites, but it can be used to attack any type of SQL database.
-> In this guide we will show how to use SQLMAP, a SQL injection tool, to hack a website (more specifically, its database) and extract usernames and passwords.
-> sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine.
In Step 1 of the practical demo, find a vulnerable website (http://www.vulnweb.com/).

-> In the next step, click on the link marked with a red circle: http://testphp.vulnweb.com
-> In the next step, click on any link in the left-hand side menu of the page shown above.

-> In the next step, add a single quotation mark ' at the end of the URL:
http://testphp.vulnweb.com/listproducts.php?cat=1'
If the page returns an SQL error, the page is vulnerable to SQL injection.
See the example of the SQL error in the screenshot below:

-> In the next step, download and install sqlmap on Windows. sqlmap requires Python, so install Python on Windows first; sqlmap will then work.
-> Download sqlmap from sqlmap.org in your browser.

Unzip it, extract it to a directory, and then create a command prompt shortcut for sqlmap as shown below.
Step 2: Open SQLMAP
2.1 Open SQLMAP in the CMD prompt. If you want more information about SQLMAP, type "sqlmap --help"; it lists all the options that are available when running SQLMAP.
-> In the next step, to update sqlmap to the latest version, type the following command at the CMD prompt: 'sqlmap --update'
2.2 To determine the databases behind the web site, type the following at the CMD prompt:
Syntax: sqlmap -u <the entire URL of the vulnerable web page> --dbs
In our case:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
Note: 1] the -u option specifies the URL
2] --dbs is used to enumerate DBMS databases
2.3 When we run this command against http://testphp.vulnweb.com/listproducts.php?cat=1 we get results like those below:

In the next step, when we run the command below, we get the output shown in the next picture:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

In the next step, we can retrieve all the tables present in the database acuart by using the following command (where -D denotes the database):
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
2.5 Now, to get more information about the users table, type the following command:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
Note: the above command lists all the columns present in the table 'users'.
2.6 Now, to get the attribute values such as 'name, uname, pass, email, phone' present in the table 'users', type the following command:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C name,uname,pass,email,phone --dump

Finally, it outputs the entries for the data values present in name, username (uname), password (pass), email and phone for the table users in the database acuart.
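
Why the single-quote check in the practical produces an SQL error, and what the input validation and strong typing recommended earlier change, shown as an added example that is not part of the original document. It uses Python's sqlite3 with a constructed in-memory table in place of the lab's site; the table, data and function names are assumptions.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the lab database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 1, 'poster'), (2, 2, 'paint');
    """)
    return db


def list_products_vulnerable(db, cat):
    # Raw parameter concatenated into the statement: a trailing quote
    # opens a string literal that never closes, so the parser errors out.
    return [r[0] for r in db.execute(
        "SELECT name FROM products WHERE cat = " + cat)]


def list_products_bound(db, cat):
    # Parameter binding: the value travels separately from the SQL text
    # and can only ever be compared as data.
    return [r[0] for r in db.execute(
        "SELECT name FROM products WHERE cat = ?", (cat,))]


def list_products_hardened(db, cat):
    # Strong typing first (cat must be a plain ASCII integer), then binding.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be an integer")
    return list_products_bound(db, int(cat))


def probe(fn, db, cat):
    """Return (status, detail) the way a tester or scanner would see it."""
    try:
        return ("ok", fn(db, cat))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    db = make_db()
    for fn in (list_products_vulnerable, list_products_bound,
               list_products_hardened):
        for cat in ("1", "1'"):
            print(f"{fn.__name__:26} cat={cat!r:5} -> {probe(fn, db, cat)}")
```

Only the concatenating version turns the quote into a database error; with binding the same input is an ordinary non-matching value, and with type validation it never reaches the database.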
