
Sunday, May 05, 2024

Understanding Injection Attacks

In today's digital world, web applications are often targeted by attackers using various methods to compromise sensitive data and systems. One of the most prevalent and dangerous categories of attacks is injection attacks. In this article, we will delve into the world of injection attacks, exploring their types and providing real-world examples to help readers understand the severity of these vulnerabilities.

Types of Injection Attacks:

1. SQL Injection (SQLi):

  SQL injection is a commonly exploited vulnerability where an attacker can insert malicious SQL statements into input fields to gain unauthorized access to a website's database. For example, an attacker may use SQL injection to extract sensitive information such as usernames, passwords, and financial data from a vulnerable website.

2. Cross-site Scripting (XSS):

  Cross-site scripting allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to various attacks, such as account impersonation, defacement of web pages, and executing arbitrary JavaScript in victims' browsers.

3. Code Injection:

  In a code injection attack, an attacker injects application code, often written in the application's own language, that can execute operating system commands with the privileges of the user running the application. This can lead to full system compromise if additional privilege escalation vulnerabilities are exploited.

4. CRLF Injection:

  A CRLF (Carriage Return and Line Feed) injection occurs when an attacker injects unexpected character sequences to split an HTTP response header and write arbitrary content to the response body. This can be used in conjunction with Cross-site Scripting attacks.

5. Email Header Injection:

  This attack is similar to CRLF injection, but it involves injecting IMAP/SMTP commands into a mail server that is not directly available via the web application. The consequences may include spam relay and information disclosure.

6. Host Header Injection:

  Attackers abuse the implicit trust placed in the HTTP Host header to poison password-reset functionality and web caches. The consequences are password-reset poisoning and cache poisoning.

7. LDAP Injection:

  LDAP injection involves injecting LDAP statements to execute arbitrary commands, gain permissions, and modify the contents of the LDAP tree. This can result in authentication bypass, privilege escalation, and information disclosure.

8. OS Command Injection:

  OS command injection allows attackers to inject operating system commands that run with the privileges of the user running the application, potentially leading to full system compromise if additional vulnerabilities are leveraged.

9. XPath Injection:

  Attackers inject crafted XPath queries into an application to access unauthorized data and bypass authentication. The consequences may include information disclosure and authentication bypass.
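To make item 1 (SQL injection) concrete, the following added example (not part of the original post) puts a string-concatenated query beside its parameterized form. The table, rows and function names are constructed for illustration, and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # inside it are parsed as SQL syntax instead of as part of the value.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    # Hardened: the ? placeholder binds the input as a single value, so it
    # can never change the structure of the statement.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()

# Constructed input that contains SQL syntax rather than a plain username.
CRAFTED = "nobody' OR '1'='1"

def demo():
    """Return how many rows each lookup yields for the crafted input."""
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, CRAFTED)),
        "safe_rows": len(lookup_safe(conn, CRAFTED)),
    }

if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the crafted input, while the parameterized query searches for a user with that literal name and finds none.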

Conclusion:

Injection attacks pose a significant threat to web applications and the sensitive data they process. It is crucial for organizations and developers to understand the various types of injection attacks and implement robust security measures to mitigate these vulnerabilities. By staying informed and adopting secure coding practices, businesses can effectively safeguard their web applications against these pervasive and potentially devastating threats. 
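As one instance of the secure coding practices mentioned above, this added example (not part of the original post) shows server-side guards against CRLF injection (item 4) and Host header injection (item 6). The hostnames, paths and function names are assumptions made for illustration.

```python
import re
from urllib.parse import quote

ALLOWED_HOSTS = {"app.example.test"}           # assumption: the site's own hostnames
CANONICAL_ORIGIN = "https://app.example.test"  # assumption: set in config, never read from the request
_CTL = re.compile(r"[\x00-\x1f\x7f]")          # CR, LF and every other control character

def header_value(value):
    """Return value unchanged if it is safe inside a response header, else raise."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value

def redirect_headers(next_path):
    """Build the headers for a redirect whose target comes from user input."""
    # Only same-site paths are accepted; anything else falls back to "/".
    if not next_path.startswith("/") or next_path.startswith("//"):
        next_path = "/"
    return [("Location", header_value(next_path))]

def host_is_trusted(host_header):
    """Check the request's Host header against the allow-list (port ignored)."""
    host = host_header.strip().lower().split(":", 1)[0]
    return host in ALLOWED_HOSTS

def reset_link(token):
    """Build a password-reset link from configuration, not from the Host header."""
    return CANONICAL_ORIGIN + "/reset?token=" + quote(token, safe="")

if __name__ == "__main__":
    print(redirect_headers("/home"))
    print(host_is_trusted("app.example.test:443"), host_is_trusted("other.example.test"))
    print(reset_link("abc"))
```

Requests whose Host header fails `host_is_trusted` should be rejected before any link or cache key is derived from them. The port handling here assumes hostnames rather than IPv6 literals.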

Thursday, October 05, 2017

javascript - .includes() not working in Internet Explorer

includes is not supported in Internet Explorer (or Opera).

Instead, you can use indexOf. indexOf returns the index of the first character of the substring if it is in the string; otherwise it returns -1.

Alternatively, you can add the function below to your JavaScript and keep using includes in IE10 / IE11.

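// IE10/IE11 fix for the includes function.
// Define it only when the browser lacks a native implementation,
// so the built-in version is never overwritten.
if (!String.prototype.includes) {
    String.prototype.includes = function () {
        'use strict';
        // includes(search, position) maps directly onto indexOf(search, position)
        return String.prototype.indexOf.apply(this, arguments) !== -1;
    };
}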

Hope this helps!

Thursday, December 15, 2016

How to change Excel column names from A,B,C to 1,2,3 or vice versa

This happens when Excel column labels are numeric rather than alphabetic. For example, instead of seeing A, B, and C at the top of your worksheet columns, you see 1, 2, 3, and so on.


The A1 Reference Style

By default, Excel uses the A1 reference style, which refers to columns as letters (A through IV, for a total of 256 columns), and refers to rows as numbers (1 through 65,536). These letters and numbers are called row and column headings.

The R1C1 Reference Style

Excel can also use the R1C1 reference style, in which both the rows and the columns on the worksheet are numbered. The R1C1 reference style is useful if you want to compute row and column positions in macros. In the R1C1 style, Excel indicates the location of a cell with an "R" followed by a row number and a "C" followed by a column number.

To toggle between A1 and R1C1 Reference styles 

  1. Start Microsoft Excel.
  2. On the Tools menu, click Options.
  3. Click the General tab.
  4. Under Settings, click to clear the R1C1 reference style check box (upper-left corner), and then click OK.

If you select the R1C1 reference style check box, Excel changes the reference style of both row and column headings, and cell references from the A1 style to the R1C1 style.


Tuesday, August 23, 2016

How can you run two instances of Skype on a PC?

I have to separate work contacts and family in Skype, so I need two Skype instances on my PC.

Here is how you can do it. Once you install Skype, you will get a Skype shortcut on your desktop. Now do the following to create another instance of Skype.

Step 1: Copy the Skype shortcut and paste it on the desktop again. This will create another shortcut.

Step 2: Rename the new shortcut to a name of your choice. I have renamed it to Skype II.


Step 3: Now open the properties of the Skype II shortcut that you just created so you can update it.


Step 4: Update the Target path as shown below, from

"C:\Program Files (x86)\Skype\Phone\Skype.exe"

to

"C:\Program Files (x86)\Skype\Phone\Skype.exe" /secondary

Now click Apply and then OK.

This should work now. I have tested this on Windows 7, 8 and 10.