2.2. Client-side and Server-side Attacks

Web attacks come in a variety of forms, but they can be divided into two main categories: client-side and server-side attacks. Let's delve into what each category entails and why they are named as such.

Client-side attacks are targeted at the user themselves and are primarily executed within their web browser, but also on the server side. A typical example of a client-side attack is Cross-Site Scripting (XSS). This attack involves executing malicious JavaScript code in the user's browser. However, this doesn't mean the user has an outdated or vulnerable browser that enabled the attack. The vulnerability lies within the web application itself, which fails to properly filter user-input data. We'll discuss XSS in more detail in one of the upcoming sections.

Client-side attacks include:

  • Cross-Site Scripting (CSS)
  • Cross-Site Request Forgery (CSRF) – the foundation of this attack is that if you visit a malicious website, it can perform actions on a specific site you're already logged into, without your consent. For instance, you could have your online banking open in one tab while a hacker's site is in another. Under certain conditions, the hacker could gain access to your online banking or perform actions on your behalf. However, this type of attack has become increasingly difficult to execute in recent times.
  • Clickjacking – an attack on web applications where a malicious actor manipulates the user interface to hide or mask interface elements and trick the user into clicking on invisible or hidden elements on a page. The most common goal of this attack is redirecting the user to another site.
  • Various attacks against plugins and browser extensions
  • Vulnerabilities in Same Origin Policy (SOP) and Cross-Origin Resource Sharing (CORS) policies
  • Vulnerabilities in the Document Object Model (DOM). The DOM is a browser programming interface that allows developers to manipulate the content of web pages using programming languages like JavaScript. Under certain conditions, a hacker can completely change the displayed page or control user-inputted data and more.
  • Vulnerable frontend libraries (jQuery, Angular, etc.) might contain functions that can be exploited against the user. Additionally, the code often resides on remote Content Distribution Network (CDN) servers. These servers can be compromised, and instead of legitimate content like JavaScript libraries and scripts, a malicious actor can insert harmful code that will execute successfully in the victim's browser due to the browser's trust in CDNs.
  • Phishing attacks fall under social engineering. In most cases, attackers use cloned websites to persuade victims into revealing passwords and credit card numbers.

 

Server-side attacks target the server and its components. This category encompasses a variety of attacks and methods, including:

  • OS Command Injection – involves sending operating system commands (Linux/Windows) to the server. If the application is vulnerable, these commands will be successfully executed.
  • Code Injection – somewhat like the previous vulnerability, here the attacker sends malicious code in the language the application is written in. For example, if the website is built using PHP, the attacker finds a loophole and sends code written in PHP as well.
  • SQL Injection (SQLi) – this type of attack targets databases. Since databases store a lot of sensitive data, if a hacker manages to inject their SQL query, they can access all the data in the database and even execute system commands.
  • Server-Side Request Forgery (SSRF) - in this type of attack, the attacker sends fake requests on behalf of a vulnerable server to gain unauthorized access to protected resources within an organization's network. For instance, the attacker might use the vulnerable web server as a proxy to send requests to remote servers. The request could trigger an error that lets the attacker see confidential data or gain access to the system.
  • XML Entity Injection (XXE) – this attack utilizes XML files and vulnerabilities in XML parsers on the server to read files and execute system commands.
  • Directory Traversal – this attack allows the attacker to access almost all files on the server beyond the root directory of the web application. For instance, each web application's files are stored in a specific directory on the server, which serves as the root for that application. With Directory Traversal, an attacker can navigate beyond their root directory and access other application directories or even system files. Essentially, this vulnerability arises due to improper web server configuration.

This is not an exhaustive list. Some attacks are quite exotic and are rarely used, while others are widely employed and even lead certain attack trends. Thus, there's no need to study all techniques; focusing on the trending ones is sufficient. In this course, I will describe the most popular attacks and provide practical exercises for better understanding.