2.3.2 OS & Web-Based Vulnerabilities
SQLi, XSS.
OS and web-based vulnerabilities are weaknesses in system software or application logic that let attackers compromise the confidentiality, integrity, or availability of data.
SQL Injection (SQLi) SQLi happens when attacker-supplied input is executed by the backend database, bypassing authentication and exposing or altering data. - Classic SQLi: entering "' OR 1=1 --" to make a login query always evaluate true. - Blind SQLi: when no data is returned directly, the attacker asks true/false questions and reads the response or a time delay. - Impact: viewing sensitive tables, deleting records, or gaining control of the database server. - Prevention: parameterized queries (prepared statements) are the strongest defense, backed by input validation and stored procedures, so input is treated as data, not code.
Cross-Site Scripting (XSS) XSS targets a site's users by injecting scripts (usually JavaScript) into trusted pages. - Stored (persistent) XSS: the script is saved on the server (for example in a comment) and runs for every visitor. - Reflected XSS: the script rides in a crafted link and executes when the victim clicks; it is not stored. - DOM-based XSS: the flaw lives in client-side code rather than on the server. - Impact: stealing session cookies, hijacking accounts, or redirecting users to malicious sites.
OS and Configuration Vulnerabilities Many weaknesses live in the operating system or in legacy settings rather than web code. - Legacy systems: unsupported software (such as Windows 7) that no longer receives patches, creating permanent "forever-day" holes. - Indicators of Compromise (IoC): artifacts of an intrusion such as unusual outbound traffic, unexpected permission changes, or rogue scheduled tasks. - Vulnerability research: teams track risk through the National Vulnerability Database (NVD), vendor advisories, and CVE feeds.
Quick recall - SQLi trigger → keywords like SELECT, UNION, or "' OR 1=1". - XSS trigger → "<script>" tags or alert() in input fields. - Parameterized queries → the most effective fix for SQL injection. - Input validation → the broad first defense against injection attacks. - IoC → clues like traffic spikes or permission changes that signal a breach.