Top Common Website Security Vulnerabilities and their Bug Bounty Reward.
Any bug in a website that can be exploited by a researcher or a hacker is known as website vulnerability. So today, we will be discussing about the most common vulnerabilities websites have. There is no doubt that there are many security systems available and used for protecting websites from common cyber threats, but still many times a hacker manages to breach into the websites.
"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." - Chris Shiflett
So it is very important for administrators as well as for developers to have a comprehensive knowledge of these attacks and it should also be noted that different kind of web applications leads to various types of attacks than those listed here.
This article covers some of the most critical points found in numerous white papers and various articles across the web on Common Vulnerabilities.
Also Read- How Web Application Security Scanner Works?
Clickjacking attack allows to perform an action on victim website, Mostly Facebook and Twitter accounts are targetable. When an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page.
Thus, the attacker is “hijacking” clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. It may be similar to CSRF Cross Site Request Forgeries Attack.
Bug Bounty: $100- $700USD
2. Cross Site Scripting-
‘XSS’ also known as ‘CSS’ – Cross Site Scripting.
It is a very common vulnerability found in Web Applications, ‘XSS’ allows the attacker to INSERT malicious code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an “attacker” to inject some code into the applications affected in order to bypass access to the website or to apply “phishing” on falls users.
Types of XSS:
There are actually three types of Cross-Site Scripting, commonly named as:
- DOM-Based XSS
- Non-persistent XSS
- Persistent XSS
The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine.
The attacker creates a well built malicious website
– The ingenious user opens that site
– The user has a vulnerable page on his machine
– The attacker’s website sends commands to the vulnerable HTML page
– The vulnerable local page execute that commands with the user’s privileges on that machine.
– The attacker easily gain control on the victim computer.
The non-persistent XSS are actually the most common vulnerabilities that can be found on the Net. It’s commonly named as “non-persistent” because it works on an immediate HTTP response from the victim website: it shows up when the web page gets the data provided by the attacker’s client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.
The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack user’s information and the difference is that in websites vulnerable to Persistent XSS the attacker doesn’t need to provide the crafted url to the users, because the website itself permissions to users to insert fixed data into the system.
Once an attacker finds vulnerable website they can try to inject malicious script code into data that is going to be stored into the server. They, they will access the some of the web pages.
Bug Bounty: $100-$1500USD
Read here: New and Advance XSS Payloads
3. Cross-Site Request Forgery/ CSRF
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, Windows domain credentials, and so forth.
Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.
CSRF attacks target functionality that causes a state change on the server, such as changing the victim’s email address or password, or purchasing something. Forcing the victim to retrieve data doesn’t benefit an attacker because the attacker doesn’t receive the response, the victim does. As such, CSRF attacks target state-changing requests.
4. Remote Code Execution
Remote Code Execution is at the top of the vulnerability in Website Hacking.
Through remote code execution the cyber criminal can exploit a bug in the system and inject the malware, then it will exploit the vulnerability and help the cyber attacker to the execute the code remotely. It’s look like a cyber criminal has control over of your entire computer system with all admin privileges.
If the Bug hunter finds Remote Code Execution Vulnerability in any company, they can give 3000$-20000$.
Bug Bounty: $3,000-$200,00USD
5. Local File Inclusion (LFI) and Remote File Inclusion (RFI)
A File inclusion vulnerability is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time.
Local File Inclusion –
Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files, i.e. files on the current server can be included for execution. This issue can still lead to remote code execution by including a file that contains attacker-controlled data such as the web server’s access logs.
This looks as a perfect place to try for LFI. If an attacker is lucky enough, and instead of selecting the appropriate page from the array by its name, the script directly includes the input parameter, it is possible to include arbitrary files on the server.
Typical proof-of-concept would be to load passwd file:
Remote File Inclusion –
Remote File Inclusion (RFI) occurs when the web application downloads and executes a remote file. These remote files are usually obtained in the form of an HTTP or FTP URI as a user-supplied parameter to the web application.
If allow_url_include is On in php.ini, then we can inject a shell directly.
You only need to load by GET or POST directly to a URI with the shell (using a non PHP extension).
6. SQL Injection Attack
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites, but can be used to attack any type of SQL database.
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
Read more: How it works?
Bounty: $500- $100,00USD
7. Open URL Redirection Vulnerability
An open redirect vulnerability is an application that takes a parameter and redirect a user to the parameter value without any validation. This Vulnerability can be used in Phishing attacks to get users to visit a malicious website.
Bounty: $100$- $1500USD
Also Read- Top Bug Bounty Web List