Assign 5

The document explains SQL Injection Dorks, which are search queries used to identify vulnerable web applications, and provides examples of common dorks that can expose SQL vulnerabilities. It also discusses the OWASP (Open Web Application Security Project) and outlines the Top Ten security risks to web applications, including injection attacks, broken authentication, and sensitive data exposure. The document emphasizes the importance of secure coding practices and awareness of these vulnerabilities for both attackers and security professionals.

Uploaded by vidithshetty948

ASSIGN 5

### Q1: Explain the Concept of SQL Injection Dorks with Examples

**SQL Injection** is a web security vulnerability that allows an attacker to interfere with the queries
that an application makes to its database. Such attacks can allow an attacker to view data they are
not normally able to retrieve, manipulate or delete data, and even execute administrative
operations on the database.

**SQL Injection Dorks** are specific search queries that can help an attacker find vulnerable web
applications by using Google or other search engines. "Dorking" refers to using advanced search
operators (also called "Google dorks") to uncover additional information regarding websites,
including vulnerabilities like SQL injection.

#### **Understanding Dorks**

Dorks typically take advantage of search engine features to narrow down results containing specific
keywords, error messages, or technologies associated with SQL injection vulnerabilities. They can
help discover sites that are likely to be vulnerable due to insecure coding practices.

#### **Common SQL Injection Dorks**

1. **Finding Login Forms**:

- **Dork**: `inurl:"login.php"`

- **Explanation**: This dork searches for URLs containing `login.php`, which often indicates a login
page. Attackers can then test these pages for SQL injection vulnerabilities.

2. **Identifying SQL Error Messages**:

- **Dork**: `inurl:"product.php?id=" + "You have an error in your SQL syntax"`

- **Explanation**: This helps find websites where SQL errors are displayed to users, indicating
potential vulnerabilities.

3. **Searching for Specific Web Technologies**:

- **Dork**: `intitle:"index of" "sql" OR "mySQL"`

- **Explanation**: This can find directory listings that may disclose database configuration files or
other sensitive information.

4. **Exploiting Vulnerable Queries**:

- **Dork**: `inurl:"page.php?id=" + "Unclosed quotation mark after the character string"`

- **Explanation**: This targets specific error messages related to unclosed SQL statements, likely
indicating the website is vulnerable to SQL injection.

5. **Finding Search Functionality**:

- **Dork**: `inurl:"search.php?q="`

- **Explanation**: This can locate search functionality pages, which are common targets for SQL
injection attacks due to the user input involved.

6. **Identifying Dynamic URLs**:

- **Dork**: `inurl:".php?id="`

- **Explanation**: This targets PHP files that accept an ID parameter, often leading to SQL
injection possibilities if not properly sanitized.

7. **Unfiltered Input Fields**:

- **Dork**: `inurl:"details.asp?id="`

- **Explanation**: An ASP page that takes an `id` parameter usually sits in front of a SQL database.
Attackers test such endpoints for injectable parameters.

#### **Example of an SQL Injection Attack Using Dorks**

1. A web application has a vulnerable login form where the username and password fields are
concatenated into a SQL query. An attacker can exploit this like so:

- **Input**:

```sql
' OR '1'='1
```

- **SQL Query**:

```sql
SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '';
```

- **Outcome**: This query would return all users instead of a specific one, potentially granting
unauthorized access.

2. If the attacker used a dork to find similar applications with the following query:

- **Dork**: `inurl:"login.php" "error in your SQL syntax"`

- They could land on a vulnerable application and exploit it in the manner demonstrated above.

#### **Conclusion**

SQL injection dorks are a powerful tool for attackers to discover vulnerabilities on the web. While
they can be used for malicious purposes, security professionals can also use them to identify and fix
vulnerabilities in their applications. It's essential to implement secure coding practices and input
validation to mitigate the risks associated with SQL injection.
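Added example, not part of the original assignment: the login check from Q1 written two ways, the string concatenation the example describes and its parameterized replacement, run against a constructed in-memory SQLite table. The payload from Q1 is supplied in both fields because SQL evaluates AND before OR, so in the username field alone it would only match rows whose password is empty.

```python
import sqlite3

# Constructed sample accounts, not from any real application.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite users table from the constructed sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: input is concatenated into the SQL text, as in the Q1 example."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, username, password):
    """Hardened: placeholders make the driver bind input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo():
    """Run both versions with a real credential and with the Q1 payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # the input shown in the Q1 example above
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        # Payload in both fields: the trailing OR '1'='1' makes the WHERE
        # clause true for every row, so every account comes back.
        "vuln_payload": login_vulnerable(conn, payload, payload),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
        # Same payload bound as a literal string: no account matches.
        "safe_payload": login_safe(conn, payload, payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```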

---

### Q2: Explain the OWASP Concept. Write Top 10 OWASP Attacks with Examples

**OWASP (Open Web Application Security Project)** is an open-source project that aims to improve
the security of software. It provides impartial, practical information about computer security and is
recognized globally for its efforts in advancing the field of application security. One of OWASP's key
contributions is the **OWASP Top Ten**, a regularly updated list of the most critical security risks to
web applications.

#### **OWASP Top Ten Attacks**

1. **Injection**:

- **Description**: Attackers can inject malicious code into an application, leading to the execution
of unintended commands.

- **Example**: SQL injection exploits, where an attacker inputs commands into a SQL query.

- **Mitigation**: Use parameterized queries and stored procedures.

2. **Broken Authentication**:

- **Description**: Flaws that allow attackers to compromise user accounts or session tokens,
leading to unauthorized access.

- **Example**: An application that allows enumeration of valid usernames and can be exploited to
reset passwords.

- **Mitigation**: Implement multi-factor authentication and secure session management.

3. **Sensitive Data Exposure**:

- **Description**: Insecure storage or transmission of sensitive data such as personal information,
credit card details, etc.

- **Example**: An application storing passwords in plain text or not using HTTPS for transmission.

- **Mitigation**: Implement encryption for sensitive data in transit and at rest.

4. **XML External Entities (XXE)**:

- **Description**: Attackers exploit vulnerable XML parsers to execute arbitrary code on the
server or use it to access sensitive files.

- **Example**: If an application parses XML input without proper validation, it can lead to file
disclosure.

- **Mitigation**: Disable DTD processing in XML parsers.

5. **Broken Access Control**:

- **Description**: Failure to enforce proper access controls, allowing unauthorized actions by
users.

- **Example**: Accessing an admin section by simply changing the URL parameter without
needing proper credentials.

- **Mitigation**: Implement role-based access controls and verify permissions.

6. **Security Misconfiguration**:

- **Description**: Insecure default configurations, incomplete setups, and misconfigured HTTP
headers.

- **Example**: Using the default credentials for cloud services or leaving unnecessary ports open.

- **Mitigation**: Regularly review settings and follow security guidelines during configuration.

7. **Cross-Site Scripting (XSS)**:

- **Description**: Attackers inject malicious scripts into content that is then delivered to users,
allowing the attacker to execute scripts in the user's browser.

- **Example**: An input field that does not sanitize user input and allows JavaScript execution
when rendered.

- **Mitigation**: Sanitize and validate input, and set proper content security policies.

8. **Insecure Deserialization**:

- **Description**: Exploitation of vulnerabilities during the deserialization of data, allowing for
remote code execution.

- **Example**: An application that accepts serialized objects from users could be exploited to run
arbitrary code.

- **Mitigation**: Validate and sanitize all incoming data, and avoid deserialization when possible.

9. **Using Components with Known Vulnerabilities**:

- **Description**: Applications that incorporate third-party libraries, frameworks, or components
with known vulnerabilities.

- **Example**: An outdated version of a library that has a known exploit.

- **Mitigation**: Regularly update components and use tools to identify known vulnerabilities.

10. **Insufficient Logging and Monitoring**:

- **Description**: Inadequate logging of security-related events, making detection of breaches
difficult.

- **Example**: Lack of logging for failed login attempts, making it hard to detect brute force
attacks.

- **Mitigation**: Implement strong logging practices and monitor logs for suspicious activities.
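Added example for item 10, not from the original assignment: a small detector that reads constructed login-audit lines and flags a source address that accumulates many failed logins inside a short window, which is exactly the brute-force pattern that goes unnoticed when failures are not logged. The log line format, the threshold of 5 and the 60-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from a real system) in an assumed format:
# "<ISO timestamp> LOGIN_FAILED|LOGIN_OK user=<name> ip=<address>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 LOGIN_FAILED user=alice ip=203.0.113.5
2024-05-01T10:00:03 LOGIN_FAILED user=bob ip=203.0.113.5
2024-05-01T10:00:04 LOGIN_OK user=carol ip=198.51.100.7
2024-05-01T10:00:06 LOGIN_FAILED user=admin ip=203.0.113.5
2024-05-01T10:00:09 LOGIN_FAILED user=root ip=203.0.113.5
2024-05-01T10:00:12 LOGIN_FAILED user=alice ip=203.0.113.5
2024-05-01T10:02:00 LOGIN_FAILED user=dave ip=198.51.100.7
"""

FAILED_RE = re.compile(r"^(\S+) LOGIN_FAILED user=(\S+) ip=(\S+)$")


def parse_failures(log_text):
    """Return (timestamp, username, ip) for every failed-login line."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return failures


def brute_force_sources(log_text, threshold=5, window_seconds=60):
    """Map ip -> sorted usernames tried, for IPs with >= threshold failures
    inside any sliding window of window_seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within the limit.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events[start:end + 1]})
                break
    return flagged


if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```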

### Conclusion

Understanding the OWASP Top Ten is crucial for developers and security professionals alike. By
recognizing these common security risks, organizations can proactively implement security measures
and best practices, significantly reducing vulnerabilities in their applications. Adopting OWASP
guidelines not only strengthens application security but also builds trust with users.
