Download   Report
  1. No category

slides

CS 155
Section 4, Extra Reference Slides
May 1, 2015
1/8
Outline
SQL Injection
CSRF
Clickjacking
2/8
SQL Injection
3/8
SQL Injection Demo Code
initialize.sql
create table STUDENTS(name string);
insert into STUDENTS VALUES("Albert");
AddStudent.php
<?php
$handle= new SQLite3("school.db");
$q = "INSERT INTO Students VALUES (’" . $argv[1]
$handle->exec($q);
?>
. "’)";
Commands to Run
sqlite3 school.db < initialize.sql
php AddStudent.php "Robert’); DROP TABLE STUDENTS; --"
http://stackoverflow.com/q/332365
4/8
Cross Site Request Forgery (CSRF)
1. User logs into www.bankofamerica.com.
2. User visits www.freemoviesforfools.com.
3. Javascript submits a form or AJAX request to
www.bankofamerica.com: “Please transfer $100000 to
Bob.”
4. Browser generously forwards login credentials along with
the request.
5. Bob becomes wealthier. User becomes less wealthy.
http://stackoverflow.com/q/2581488
5/8
Cross Site Request Forgery (CSRF)
Why doesn’t the Same Origin Policy prevent CSRF attacks?
“Under the policy, a web browser permits scripts contained in a
first web page to access data in a second web page, but only if
both web pages have me origin.” – Wikipedia
SOP prevents one website from reading another’s data, but
does not prevent one website from sending POST requests to
another!
http://en.wikipedia.org/wiki/Same-origin_policy
6/8
Clickjacking - When CSRF Fails
If the victim website implements defenses against CSRF
(Project 2, Part 2), then we must enlist more help from the
user than just asking him to load our malicious page.
1.
2.
3.
4.
User logs into www.bankofamerica.com.
User visits www.freemoviesforfools.com.
User clicks a button “I Want Free Movies”.
Bob becomes wealthier. User becomes less wealthy.
7/8
Clickjacking
www.freemoviesforfools.com contains an invisible iframe
containing the Transfer page for Bank of America. This frame
is overlayed on top of the button that the user clicked.
Clearly, it can be substantial security flaw to allow yourself to
be framed by other pages.
In this project, you will experiment with frame-busting and
anti-frame-busting techniques.
8/8
How to get your code deployed: Security AMS Hackathon 2013 Chris Steipp

How to get your code deployed: Security AMS Hackathon 2013 Chris Steipp

Resume PDF - Eliza Danyi

Resume PDF - Eliza Danyi

SQL Engineer

SQL Engineer

Assignment 4 - Department of Mathematics and Computer Science

Assignment 4 - Department of Mathematics and Computer Science

RS Report Writer

RS Report Writer

Title of the course Code Semester Theory

Title of the course Code Semester Theory

the membership form Philippines

the membership form Philippines

Contact Information:

Contact Information:

Job Openings - ardentCause

Job Openings - ardentCause

Tayyib Oladoja PERSONAL STATEMENT

Tayyib Oladoja PERSONAL STATEMENT

abcdocz.com

© Copyright 2024