What are exploits?
An exploit is a piece of software of chunk of data that takes advantage of velnurability or bug in order to cause unintended or unanticipated behavior to occur on computer
Types of exploits:
Exploits are of many types but the most popular ones that are commonly used are as follows:
1.Xss(Cross site scripting)
2.Sql injection
3.Clickjacking
4.DDos attack
5.POC attack (Proof of conect)
6.Spoofing
I will explaing few of them
XSS(Cross site scripting):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.
Sql injection:
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
DDos attack:
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking
I have wrote a post on How to hack a website with Denial of service attack
POC(Proof of concept)
In computer security the term proof of concept (proof of concept code or PoC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.This was the same attack which
Clickjacking:
This attack was made on twitter,After the micro-blogging site immunized its users against a fast-moving worm that caused them to unintentionally broadcast messages when they clicked on an innocuous-looking button, hackers have found a new way to exploit the clickjacking vulnerability.
The latest attack comes from UK-based web developer Tom Graham, who discovered that the fix Twitter rolled out wasn't applied to the mobile phone section of the site. By the time we stumbled on his findings, the exploit no longer worked. But security consultant Rafal Los sent us a minor modification that sufficiently pwned a dummy account we set up for testing purposes.
The exploit is the latest reason to believe that clickjacking, on Twitter and elsewhere, is here to stay, at least until HTML specifications are rewritten. No doubt web developers will continue to come up with work-arounds, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons. Virtually every website and browser is susceptible to the technique.
Spoofing:
According to wikipedia spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
How to find exploits:
There are couple of methods and tools to discover exploits.
The above figure is of a software called as exploit scanner,Exploit scanner is a tool to check if the website is velnurable to the attack or not.you just need to enter the url and it will tell you whether the site is velnurable or not
An exploit is a piece of software of chunk of data that takes advantage of velnurability or bug in order to cause unintended or unanticipated behavior to occur on computer
Types of exploits:
Exploits are of many types but the most popular ones that are commonly used are as follows:
1.Xss(Cross site scripting)
2.Sql injection
3.Clickjacking
4.DDos attack
5.POC attack (Proof of conect)
6.Spoofing
I will explaing few of them
XSS(Cross site scripting):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.
Sql injection:
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
DDos attack:
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking
I have wrote a post on How to hack a website with Denial of service attack
POC(Proof of concept)
In computer security the term proof of concept (proof of concept code or PoC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.This was the same attack which
Clickjacking:
This attack was made on twitter,After the micro-blogging site immunized its users against a fast-moving worm that caused them to unintentionally broadcast messages when they clicked on an innocuous-looking button, hackers have found a new way to exploit the clickjacking vulnerability.
The latest attack comes from UK-based web developer Tom Graham, who discovered that the fix Twitter rolled out wasn't applied to the mobile phone section of the site. By the time we stumbled on his findings, the exploit no longer worked. But security consultant Rafal Los sent us a minor modification that sufficiently pwned a dummy account we set up for testing purposes.
The exploit is the latest reason to believe that clickjacking, on Twitter and elsewhere, is here to stay, at least until HTML specifications are rewritten. No doubt web developers will continue to come up with work-arounds, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons. Virtually every website and browser is susceptible to the technique.
Spoofing:
According to wikipedia spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
How to find exploits:
There are couple of methods and tools to discover exploits.
The above figure is of a software called as exploit scanner,Exploit scanner is a tool to check if the website is velnurable to the attack or not.you just need to enter the url and it will tell you whether the site is velnurable or not
Ever wanted to get free Twitter Followers?
Did you know you can get them AUTOMATICALLY & ABSOLUTELY FOR FREE by getting an account on You Like Hits?