SMVDB

Your handy all-in-one vulnerability cheat sheet

Cross-Site Request Forgery (CSRF)

20003
'Cross-Site Request Forgery' is an attack that forces an authenticated user to submit an unwanted request to a web application against which they are currently authenticated. A CSRF attack works because browser requests automatically include all cookies for the target site, including session cookies. Therefore, if the user is authenticated to the site, the site cannot distinguish between legitimate requests the user intended and forged requests triggered from another origin.
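The standard mitigation is a synchronizer token that the browser does not send automatically. The following is an added Python example, not code from SMVDB; it uses a constructed in-memory session store and a constructed "transfer" handler to show the same state-changing endpoint first trusting the session cookie alone, then also requiring the per-session token.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
# A real application would use server-side session storage.
SESSIONS = {}


def create_session(user: str) -> str:
    """Create a logged-in session and bind a fresh CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id: str) -> str:
    """Token the server embeds as a hidden field in its own forms for this session."""
    return SESSIONS[session_id]["csrf_token"]


def transfer_vulnerable(cookies: dict, form: dict) -> str:
    """State-changing handler that trusts the session cookie alone.
    A form post from any other origin carries the cookie automatically,
    so the forged request is accepted."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return "401 not logged in"
    return f"200 transferred {form['amount']} for {session['user']}"


def transfer_protected(cookies: dict, form: dict) -> str:
    """Same handler with a synchronizer token: the request body must carry the
    per-session token, which another origin cannot read from the browser."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form['amount']} for {session['user']}"


if __name__ == "__main__":
    sid = create_session("alice")
    cookies = {"session": sid}                       # what the browser attaches by itself
    forged = {"amount": "1000"}                      # cross-origin form: no token available
    legit = {"amount": "10", "csrf_token": csrf_token_for(sid)}  # server-rendered form
    print(transfer_vulnerable(cookies, forged))      # accepted: cookie alone is enough
    print(transfer_protected(cookies, forged))       # rejected: token missing
    print(transfer_protected(cookies, legit))        # accepted: token matches session
```

The token must be bound to the session (here, stored beside it) and compared in constant time; a SameSite cookie attribute is a useful second layer but does not replace the token check.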

Improper Error Handling

10001
Improper Error Handling, also known as Error Handling Flaws, occurs when an error message displayed to an end user provides clues about how an application or website operates. It becomes a serious risk when detailed internal error messages such as database dumps, stack traces, and error codes are displayed to the user (who may be an attacker). Even if an error message does not provide much detail, inconsistencies between such messages can still reveal important clues about how a site works or which system or back-end is present. Sometimes it may also lead to sensitive information disclosure. The severity of improper error handling is scenario-dependent: in some scenarios the error exposes critical information and in others only non-sensitive information, so the severity must be assessed for each scenario.
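An added Python example, not from SMVDB, showing the difference between a handler that returns the raw exception and stack trace to the client and one that logs that detail server-side under a correlation id and returns only a generic message. The database lookup and the exception text it raises are constructed for the demo; the log sink is an in-memory list so the example runs offline.

```python
import logging
import traceback
import uuid
from typing import List, Tuple

# Demo log sink: records are kept in a list instead of a file or syslog.
logger = logging.getLogger("app")
logger.setLevel(logging.ERROR)
_records: List[str] = []


class _ListHandler(logging.Handler):
    def emit(self, record):
        _records.append(self.format(record))


logger.addHandler(_ListHandler())


def query_user(user_id: str) -> dict:
    """Stand-in for a database lookup (constructed). Like a real driver, the
    exception text embeds the query shape and backend host."""
    if not user_id.isdigit():
        raise ValueError(
            f"invalid literal in SELECT * FROM users WHERE id = '{user_id}' (db=prod-users-01)"
        )
    return {"id": user_id, "name": "demo"}


def handle_vulnerable(user_id: str) -> Tuple[int, str]:
    """Returns the formatted traceback as the response body: table name,
    query shape and backend host all reach the client."""
    try:
        return 200, str(query_user(user_id))
    except Exception:
        return 500, traceback.format_exc()


def handle_safe(user_id: str) -> Tuple[int, str]:
    """Logs the full traceback server-side under a fresh incident id and
    returns only a generic message carrying that id, so support staff can
    find the log entry without the client learning anything internal."""
    try:
        return 200, str(query_user(user_id))
    except Exception:
        incident_id = uuid.uuid4().hex
        logger.error("incident %s: %s", incident_id, traceback.format_exc())
        return 500, f"An internal error occurred. Reference: {incident_id}"


def logged_records() -> List[str]:
    """Expose the captured log records (demo only)."""
    return list(_records)


if __name__ == "__main__":
    print(handle_vulnerable("abc")[1])   # leaks query, table and host
    status, body = handle_safe("abc")
    print(status, body)                  # generic message plus reference id
    print(logged_records()[-1][:80])     # detail is in the server log instead
```

The same pattern applies to 404 versus 403 responses and to login errors: keep the client-visible message uniform across failure causes so that differences between messages do not themselves become a signal.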

Reflected Cross Site Scripting (RXSS)

20002
'Reflection' is when a web application returns data entered by a user in the request inside the web application's response. 'Reflected Cross-Site Scripting' or 'RXSS' is a type of 'Browser Side Attack' or 'Client Side Attack' in which an attacker abuses the reflection and the absence of input sanitization to inject JavaScript code into the victim's responses in order to take control of their browser, execute malicious code to steal session cookies, or even redirect them to other pages. Any reflected parameter of an application is suspect, but the most severe cases are 'GET' parameters, because an attacker can simply use the nature of 'GET' parameters, which are sent inside the URL, to reflect malicious code into the victim's responses. If the reflection happens via a 'POST' parameter, sometimes referred to as 'Self Cross-Site Scripting' or 'SXSS', an attacker may not be able to exploit the reflection unless there is no 'CSRF' protection. Sometimes an attacker may not be able to inject JavaScript code, in which case they may try to inject another type of code, such as HTML, known as 'HTML Injection', to trick users into performing actions, or CSS code, known as 'CSS Injection'.
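An added Python example, not from SMVDB, of a 'GET' parameter reflected into an HTML response with and without output encoding. The search page, the URL and the probe value in it are constructed; a small HTMLParser-based helper tokenizes each response the way a browser would, so you can see that the unencoded version gains an extra script element while the encoded version renders the same input as plain text.

```python
import html
from html.parser import HTMLParser
from typing import List
from urllib.parse import parse_qs, urlparse

# Constructed request: the 'q' parameter carries a percent-encoded script element.
PROBE_URL = "https://example.test/search?q=%3Cscript%3Eprobe()%3C/script%3E"


def _param(url: str, name: str) -> str:
    """Return the first value of a query parameter, percent-decoded."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def search_reflected_vulnerable(url: str) -> str:
    """Builds the response by pasting the 'q' parameter straight into HTML,
    so markup in the parameter becomes markup in the page."""
    return f"<p>Results for: {_param(url, 'q')}</p>"


def search_reflected_safe(url: str) -> str:
    """Same page with HTML entity encoding at the point of output: the
    parameter is rendered as text and never parsed as a tag or attribute."""
    return f"<p>Results for: {html.escape(_param(url, 'q'), quote=True)}</p>"


class _TagCollector(HTMLParser):
    """Records every start tag the HTML tokenizer sees."""

    def __init__(self):
        super().__init__()
        self.tags: List[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(body: str) -> List[str]:
    """List the elements a browser would create from this response body."""
    collector = _TagCollector()
    collector.feed(body)
    return collector.tags


if __name__ == "__main__":
    vulnerable = search_reflected_vulnerable(PROBE_URL)
    safe = search_reflected_safe(PROBE_URL)
    print(vulnerable, tags_in(vulnerable))   # the reflected input became a <script> element
    print(safe, tags_in(safe))               # only the <p> the server intended
```

Encoding must match the output context: html.escape is right for element content and quoted attribute values, but a value placed inside a script block, a URL, or a CSS rule needs that context's own encoding rules instead.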