PranjalUncodes
How does the Web work !!

How does the Web work !!

Pranjal Ruhela's photo
Pranjal Ruhela

Photo by Pankaj Patel on Unsplash

To exploit a website, you must know how it works so that you can effectively take it down to the ground!

So consider the internet as the invisible ether in which your browser and a server are floating.

When you visit a website your browser essentially makes a request to the server (which is just another computer that handles such requests from browsers and provides data accordingly). Once the request is recieved by the server, it responds with the data you requested.

So 2 processes basically,

  1. Client side (front end) — Your browser rendering the data into a visual website.
  2. Server side (back end) — The server.

Depending on the request/response cycle there are 5 situations which can be understood by the Http response codes —

  • 100s: Informational codes indicating that the request initiated by the browser is continuing.
  • 200s: Success codes returned when browser request was received, understood, and processed by the server.
  • 300s: Redirection codes returned when a new resource has been substituted for the requested resource.
  • 400s: Client error codes indicating that there was a problem with the request.
  • 500s: Server error codes indicating that the request was accepted, but that an error on the server prevented the fulfillment of the request.

Photo by Florian Olivo on Unsplash

How are these websites written?

  1. HTML- To give a structure to your website. Imagine a house of just bricks and cement. The essential stuff.
  2. CSS- To beautify your website. Imagine the paint and the furniture and its positioning and all the design aspects of the house.
  3. JavaScript- To give some extra functionalities and features to make your website interactive and dynamic. Just like doors that you open and the lights that you switch on. The pulling of curtains, etc.

See DOM manipulation.

[How to Manipulate the DOM - the Ultimate Beginner's Guide
Okay, so I assume you have heard of the almighty DOM - that's why you are here, right? If you are finding it difficult…freecodecamp.org](https://www.freecodecamp.org/news/how-to-manipulate-the-dom-beginners-guide/ "freecodecamp.org/news/how-to-manipulate-the..")

Sensitive data leak on a webpage

An attacker doesn’t need to sweat much if he figures out the source code of a webpage and finds sensitive information that a developer might have forgotten to hide or remove — like a password. He just has to inspect the code and find if any information is there in form of comments.

HTML INJECTION

HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitize user input (filter any “malicious” text that a user inputs into a website), and that input is used on the page, an attacker can inject HTML code into a vulnerable website.

When a user has control of how their input is displayed, they can submit HTML (or JavaScript) code and the browser will use it on the page, allowing the user to control the page’s appearance and functionality.

The general rule is never to trust user input — to prevent malicious input the website developer should sanitize everything the user enters before using it in the JavaScript function; in this case, the developer could remove any HTML tags.