Malicious codes to watch out for on our websites


1. SQL Injection

```sql
'; DROP TABLE users; --
```

**Description**: An attacker injects SQL commands through an unvalidated input so that they run against the database. This code, for example, tries to delete a table called `users`.

**Protection**: Use prepared statements (PDO in PHP, for example) and always validate and sanitize input. Use the "SEARCH" field on this site to find out more.

3. Remote File Inclusion (RFI)

```php
include($_GET['page']);
```

**Description**: An attacker passes a malicious URL in the parameter so that the server includes an external file containing malicious code.

**Protection**: Use an allow-list of files that may be included and never pass user input directly to `include()`.

4. Local File Inclusion (LFI)

```text
?file=../../etc/passwd
```

**Description**: The attacker manipulates the local file path to read sensitive files on the server.

**Protection**: Sanitize input and restrict file permissions on the server.

5. Cross-Site Request Forgery (CSRF)

```html
<img src='victim.com/delete-account?user=1'>
```

**Description**: An attacker forces an authenticated user's browser to perform an unwanted action on a site where the user is logged in.

**Protection**: Use CSRF tokens to validate critical actions.

6. Command Injection

```bash
; rm -rf /
```

**Description**: The attacker injects operating system commands into input fields that are not properly checked, allowing arbitrary commands to be executed on the server.

**Protection**: Validate and escape any input that reaches command-execution functions such as `exec()` or `system()`.

8. Phishing Links in Emails

```html
<a href="http://malicious-site.com">Click here to reset your password</a>
```

**Description**: An attacker sends fake links in legitimate-looking emails to trick the user into handing over information.

**Protection**: Check the domains of links in emails and use unique validation tokens.

9. Session Hijacking

```js
document.cookie="PHPSESSID=attacker-session-id";
```

**Description**: An attacker obtains the session of a legitimate user and takes over their account.

**Protection**: Use HTTPS so cookies only travel over an encrypted connection, and set the `HttpOnly` and `Secure` flags on session cookies.

10. Denial of Service (DoS)

```js
while(true) { /* Consuming resources */ }
```

**Description**: Malicious scripts that consume all the server's resources, making the site unavailable.

**Protection**: Set limits on requests per IP and use firewalls to block DoS attacks.
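As an added example (not code from the original post), here is the `include($_GET['page'])` pattern from items 3 and 4 next to an allow-list version of the same thing; the `ALLOWED_PAGES` map, the `templates` directory and the function names are assumptions made for the illustration.

```php
<?php
// Added example, not from the original post: the include() pattern from
// items 3 and 4, vulnerable version beside a hardened one.

// VULNERABLE: the raw request value becomes the include path. A traversal
// value such as "../../etc/passwd" (LFI) or, with allow_url_include enabled,
// a remote URL (RFI) is handed straight to include().
function render_page_vulnerable(array $get): void
{
    include($get['page']);
}

// HARDENED: the request value is only a KEY into a fixed allow-list (assumed
// contents). Anything not in the map falls back to the default page, so no
// user-controlled path ever reaches include().
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(array $get, string $templateDir): string
{
    $key = $get['page'] ?? 'home';
    // is_string() rejects "?page[]=x"; array_key_exists() rejects unknown keys.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_PAGES)) {
        $key = 'home';
    }
    // Defence in depth: confirm the resolved file really lives inside the
    // template directory even though the allow-list already guarantees it.
    $path = realpath($templateDir . '/' . ALLOWED_PAGES[$key]);
    $base = realpath($templateDir);
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Template outside allowed directory');
    }
    return $path;
}

function render_page_safe(array $get, string $templateDir): void
{
    include resolve_page($get, $templateDir);
}

// Usage: "?page=../../etc/passwd" and "?page=http://evil.example/x.txt" both
// fall back to home.php; only the three listed keys select another template.
render_page_safe($_GET, __DIR__ . '/templates');
```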

[2024 © Chat-to.dev]