End of Semester, Command Injection, HTML and SQL Injection
May 10, 2024
Class Notes on End of Semester Topics and Command Injection
End of Semester Updates
Second to last week of class
No in-person help during finals week; rely on Discord
Grades and extra credit will be updated before Wednesday
Final assignments have a hard deadline of January 10th, with no extension possible
Command Injection
Happens when an application concatenates user input with strings and then executes it
Key issue: if you can execute a command, you have total control
Tips for exploiting: think creatively about how you can use your permissions to achieve your goal (e.g., move, copy, or alter permissions of files)
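Added example (not from the lecture): the concatenation pattern the notes describe beside the defensive form. The hostname allow-list regex and the use of `echo` as a stand-in command are assumptions made so the script runs offline; the point is that an argument vector passed with `shell=False` is never parsed by a shell, so separators in the input have no special meaning.

```python
import re
import subprocess

# Allow-list for a plain hostname: letters, digits, dots and hyphens (assumption for this example).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_shell_command_vulnerable(host: str) -> str:
    """The pattern from the notes: user input concatenated into a shell string.
    Anything the user typed, shell metacharacters included, becomes part of the command."""
    return "ping -c 1 " + host


def validate_hostname(host: str) -> bool:
    """Reject anything that is not a plain hostname before it reaches any command."""
    return HOSTNAME_RE.match(host) is not None


def build_argv_safe(host: str) -> list[str]:
    """Build an argument vector instead of a shell string. The host is a single argv
    element, so ';', '|', '$(...)' and friends are just bytes in one argument."""
    if not validate_hostname(host):
        raise ValueError("hostname contains characters outside the allow-list")
    return ["ping", "-c", "1", host]


def echo_literal(user_input: str) -> str:
    """Demonstrate that argv-list execution passes input through literally.
    'echo' is used so the example runs offline; the same shell=False discipline
    applies to any command."""
    result = subprocess.run(
        ["echo", user_input], shell=False, capture_output=True, text=True, check=True
    )
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    payload = "example.com; whoami"  # constructed sample input containing a shell separator
    print("vulnerable string :", build_shell_command_vulnerable(payload))
    print("passes allow-list?:", validate_hostname(payload))
    print("safe argv         :", build_argv_safe("example.com"))
    print("echo received     :", echo_literal(payload))
```

The validator and the argv list are two independent layers: even if the allow-list were too loose, the command still runs without a shell, and even if some caller used a shell, the allow-list would have rejected the separator first.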
HTML Injection and JavaScript
Websites dynamically generate HTML by concatenating strings, including user input
If user input is not properly sanitized, it can introduce JavaScript that executes in the browser
JavaScript example: Using script tags to execute code in the browser
Demonstrated potential exploits: altering page content, redirection, accessing cookies
Cross-Site Scripting (XSS): when an attacker tricks a browser into executing malicious JavaScript
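Added example (not from the lecture): the string-concatenated greeting the notes describe, rendered raw and then escaped with the standard library's `html.escape`. The link helper, the script-tag detector and the cookie header are this example's own additions; the cookie attributes shown are the usual mitigation for the "accessing cookies" outcome mentioned above, since an HttpOnly cookie is not readable from `document.cookie`.

```python
import html
import re

# Detector for the script-tag case demonstrated in class. A signal for tests and logging,
# not a sanitizer: output escaping is the actual defence.
SCRIPT_TAG_RE = re.compile(r"<\s*script", re.IGNORECASE)


def render_greeting_vulnerable(name: str) -> str:
    """Concatenation with raw user input, exactly the pattern from the notes."""
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """Escape at the point of output so the browser treats the input as text, not markup."""
    return "<p>Hello, " + html.escape(name) + "!</p>"


def render_link_safe(display: str, url: str) -> str:
    """Attribute context: quotes must be escaped too (html.escape does this by default),
    and only http(s) URLs are accepted so a 'javascript:' scheme is rejected (assumed policy)."""
    if not url.lower().startswith(("http://", "https://")):
        url = "#"
    return '<a href="' + html.escape(url, quote=True) + '">' + html.escape(display) + "</a>"


def contains_script_tag(markup: str) -> bool:
    """True when a literal <script tag survives into the rendered output."""
    return SCRIPT_TAG_RE.search(markup) is not None


def session_cookie_header(value: str) -> str:
    """HttpOnly keeps the session cookie out of document.cookie; Secure and SameSite
    are the usual companions."""
    return "Set-Cookie: session=" + value + "; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed sample input
    print(render_greeting_vulnerable(payload))
    print(render_greeting_safe(payload))
    print(render_link_safe('a"b', "https://example.com/?q=1&r=2"))
    print(session_cookie_header("constructed-session-id"))
```

Escaping is context-specific: the text-node and attribute cases above are covered by `html.escape`, but input placed inside a `<script>` block or a URL needs its own encoding, which is why templating engines that escape by default are preferred over hand-built concatenation.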
SQL Injection
Occurs when SQL queries are constructed by concatenating strings, including user input
Demonstrates with examples how to manipulate SQL queries
SQL comments can be used to bypass portions of the query
Union select statement can be used to execute additional queries or extract data
Demonstrated data extraction from a different table using SQL injection
Blind SQL injection technique: Guessing a single character of the secret at a time using conditional responses
Binary search can be applied in blind SQL injection to efficiently determine an unknown string
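Added example (not from the lecture): an in-memory SQLite database with constructed rows, a login and a search query built by concatenation as the notes describe, and the same two queries parameterised. It shows the comment and UNION SELECT behaviours from the notes against the concatenated version and that the parameterised version treats the same input as plain text. Table names, rows and the flag value are all constructed for this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, flag TEXT);
        INSERT INTO users (username, password) VALUES ('alice', 'correct horse'), ('bob', 'hunter2');
        INSERT INTO secrets (flag) VALUES ('flag{constructed-sample}');
        """
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query built by concatenation, as in the notes. A quote in the input closes the
    string literal and '--' comments out whatever follows."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: values travel separately from the SQL text, so quotes and
    comment markers in the input are just characters inside a string."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def search_users_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    """Single text column, which is what lets a UNION SELECT from another table line up."""
    query = "SELECT username FROM users WHERE username LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(query).fetchall()]


def search_users_safe(conn: sqlite3.Connection, term: str) -> list[str]:
    """Same search with the wildcard pattern passed as a bound parameter."""
    query = "SELECT username FROM users WHERE username LIKE ?"
    return [row[0] for row in conn.execute(query, ("%" + term + "%",)).fetchall()]


if __name__ == "__main__":
    conn = make_db()
    bypass = "' OR '1'='1' --"                        # constructed: comment-based bypass
    union = "' UNION SELECT flag FROM secrets --"     # constructed: cross-table UNION
    print("vulnerable login :", login_vulnerable(conn, "alice", bypass))
    print("safe login       :", login_safe(conn, "alice", bypass))
    print("vulnerable search:", search_users_vulnerable(conn, union))
    print("safe search      :", search_users_safe(conn, union))
```

The same parameterisation closes the blind variant from the notes: a conditional expression can only reach the query if the input is spliced into the SQL text, and a bound parameter is never parsed as SQL.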
Same Origin Policy
Ensures that web pages are isolated from each other unless they share the same origin
Origin is defined by scheme, host, and port
Cross-origin requests can be made under certain conditions, but are restricted to prevent unauthorized access and data sharing between different origins
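Added example (not from the lecture): an origin comparison implementing the scheme/host/port definition from the notes, with the scheme's default port filled in so `https://example.com` and `https://example.com:443` compare equal. The CORS allow-list at the end is this example's own illustration of "cross-origin requests can be made under certain conditions": the server names the origins it trusts instead of reflecting whatever origin asks. The allowed origin is a constructed value.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple:
    """Origin = (scheme, host, port); an omitted port means the scheme's default."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(url_a: str, url_b: str) -> bool:
    """Path, query and fragment play no part in the comparison."""
    return origin_of(url_a) == origin_of(url_b)


def serialize_origin(url: str) -> str:
    """Render an origin the way the browser's Origin header does (default port omitted)."""
    scheme, host, port = origin_of(url)
    if port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


# Constructed allow-list for this example. A wildcard '*' is deliberately avoided because
# browsers refuse to combine it with credentialed (cookie-bearing) requests.
ALLOWED_ORIGINS = {"https://app.example.com"}


def cors_headers(request_origin: str) -> dict:
    """Decide, server-side, whether a cross-origin caller may read the response."""
    if request_origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}


if __name__ == "__main__":
    pairs = [
        ("https://example.com/a", "https://example.com:443/b?x=1"),
        ("http://example.com/", "https://example.com/"),
        ("https://example.com/", "https://api.example.com/"),
        ("https://example.com/", "https://example.com:8443/"),
    ]
    for a, b in pairs:
        print(serialize_origin(a), "vs", serialize_origin(b), "->", same_origin(a, b))
    print(cors_headers("https://app.example.com"))
    print(cors_headers("https://other.example"))
```

Note that the `Vary: Origin` header matters whenever the allow-origin value is echoed per request; without it a shared cache could serve one origin's response, with its header, to another.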