authenticated user can perform. It is always good practice to apply the Principle of Least Privilege (What is the Principle of Least Privilege?)
2. Arbitrary Code Execution
If a server does not validate user inputs properly, the result may be security vulnerabilities, and attackers can easily exploit those vulnerabilities to steal sensitive information.
For example, let’s say a website has a web form. A user can type the name of an author in the web form and get information about the books published by the author. Let’s also assume that the server does not validate the user inputs properly.
So, an attacker types the following in the input form:
john' AND 1=2;--
As a result, the server may end up executing the following SQL query:
SELECT * FROM bookinfo WHERE author = 'john' AND 1=2;--
Please note that everything written after the "--" sequence is treated as a comment and discarded. As a result, the database will return false because of the "AND 1=2" condition, and a generic error message will be thrown.
At this point, if the server is weakly configured, the database server may reveal sensitive information such as the version of the database software. Attackers can then use that information to plan further attacks on the server.
This type of attack is called a blind SQL injection attack. Interested readers may find more information here: What is a blind SQL injection attack?
Hence, it is crucial for a server to validate user inputs properly. Characters like <, >, --, ', ", etc. should be escaped properly. And we should configure the server so that it does not reveal any sensitive information when throwing an error.
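The flaw described above, shown side by side with the fix, as an added example that is not code from the original post: the in-memory SQLite table, its rows, and the function names are constructed for illustration. The vulnerable lookup pastes the author name into the SQL text, so the input from the page closes the string literal and the trailing quote is swallowed by the comment. The hardened lookup binds the value as a parameter, which is the standard way to get the escaping the section asks for, and the request handler logs the real database error server-side while the client only sees a generic message.

```python
import sqlite3

# Constructed sample data standing in for the page's "bookinfo" table (not from the original).
SAMPLE_ROWS = [
    ("john", "Book One"),
    ("john", "Book Two"),
    ("alice", "Book Three"),
]

# The input the page shows an attacker typing into the author field.
PAGE_PAYLOAD = "john' AND 1=2;--"

# Server-side log; the database's own error text goes here, never to the client.
SERVER_LOG = []


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookinfo (author TEXT, title TEXT)")
    conn.executemany("INSERT INTO bookinfo VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_query(author):
    """The page's flaw: user input is concatenated into the SQL text, so a quote
    in the input closes the literal and the rest of the input becomes SQL syntax."""
    return "SELECT * FROM bookinfo WHERE author = '" + author + "'"


def lookup_vulnerable(conn, author):
    """Run the concatenated query; the page's payload defeats the WHERE clause."""
    return list(conn.execute(vulnerable_query(author)))


def lookup_safe(conn, author):
    """Parameter binding: the SQL text is fixed and the value travels separately,
    so quotes and '--' inside the value are data, never syntax."""
    return list(conn.execute("SELECT * FROM bookinfo WHERE author = ?", (author,)))


def handle_request(conn, author, hardened=True):
    """Web-handler style wrapper returning (status, body). A malformed input that
    breaks the query produces a server-side log entry and a generic client message,
    so the error text cannot be used to learn about the backend."""
    lookup = lookup_safe if hardened else lookup_vulnerable
    try:
        return "ok", lookup(conn, author)
    except sqlite3.Error as exc:
        SERVER_LOG.append(f"db error for input {author!r}: {exc}")
        return "error", "The request could not be processed."


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_query(PAGE_PAYLOAD))              # trailing quote is commented out
    print(lookup_vulnerable(db, "john"))               # two books for the real author
    print(lookup_vulnerable(db, PAGE_PAYLOAD))         # "AND 1=2" was executed as SQL: no rows
    print(lookup_safe(db, PAGE_PAYLOAD))               # looked up literally: no such author
    print(handle_request(db, "john'", hardened=False)) # concatenation breaks the query
    print(handle_request(db, "john'", hardened=True))  # bound parameter: just an empty result
    print(SERVER_LOG)                                  # real error text stays on the server
```

The check that matters for the third recommendation is the pair of `handle_request` calls: with concatenation a lone quote raises an `sqlite3.OperationalError`, and whether that text reaches the client is purely a matter of how the handler is written.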
3. Privilege Escalation
Attackers may also use privilege escalation to access data on a server that they are not authorized to access (What is privilege escalation?). Let's try to understand this threat with an example.
Let's say a web application uses a login form. A user types their username and password to authenticate themselves. Let's also assume that the server does not validate user inputs properly.
So, an attacker types the following in the username field of the login form: …