You can hack websites with various techniques depending upon vulnerabilities you found in it. Today, I will tell you how to hack website and some most common website vulnerabilities like XSS and SQL Injection.
Any flaw or loop hole or say a weakness in website that can allow attacker to successfully exploit it is called a website vulnerability. Their are various vulnerabilities existing today in most of websites. Vulnerability may exists because of the fault of developer of websites.
Read More:-
Types of Computer Malware
Some website developers write poor code that lead to some vulnerability and then result in successful exploited website. Some of the most common website hacking methods or vulnerabilities are XSS, SQL Injection, CSRF (Cross Site Request Forgery), RCE (Remote Code Execution), DoS or DDoS etc.
However, I will only explain some of them. But i promise you to update this list as soon as possible. Because these are commonly found loop holes in today's websites.
So lets start.
How to Hack Website : Some know Website Vulnerabilities List
SQL Injection :– As we all know that the website database contains all the important or confidential information of website like user id, passwords, emails, customer info etc. This vulnerability allow an attacker to execute its SQL code in database which can be used to retrieve confidential information like email and password from database use this technique named SQL Injection. It is an Injection because attacker try to inject its malicious SQL code in target website's database. To prevent from SQL Injection, one should verify and validate the input of user.
XSS or CSS :– XSS (or sometimes CSS) stand for Cross Site Scripting. It is also a code injection technique. One of the main the difference in it is that attacker injects JavaScript code. This vulnerability allow an attacker to inject its java script code in any vulnerable website. This code execute in victim's browser when they visit that website. Then the attacker can access all session cookies stored in victim's browser which also can be used to retrieve stored passwords and usernames. In some cases, attacker can even control your browser remotely.
RCE :– RCE stands for Remote Code Execution or Arbitrary Code Execution also. This is the type of loop hole which allow an attacker to execute any malicious system code in target website and take control over the server. An attacker can execute in target system having this vulnerability. Attacker can escalate privileges after getting access.
Broken Authentication and Session Management :– Every website creat a session cookie with session id which is used to store user's credentials. These sessions should end either by closing browser or logging out. And sometimes it doesn't happen. Then an attacker can use victims pc to browse website without logging in with the stored session cookies in browser.
So these are four common website vulnerabilities used to hack website by hackers. There are other vulnerabilities also. I will soon update this list.
0 comments:
Post a Comment