Injection
Injection is a type of attack in which untrusted data is sent to an interpreter and processed as part of a command or query, causing the interpreter to execute unintended actions. It typically occurs when an attacker finds a way to send HTML, CSS, JavaScript code, database queries, or similar content through a request, a form, a website URL, or another input.
This type of attack can be carried out in several ways:
Cross-Site Scripting (XSS): Injects malicious JavaScript code into a web page
SQL Injection: Injects malicious SQL into a database by poisoning structured queries with user input; the same applies to NoSQL database queries
Command Injection: Executes arbitrary system commands on a server or application
Template Injection: Injects template syntax through user input that is improperly handled or validated in applications that use template engines
LDAP Injection: Manipulates LDAP queries for unauthorized directory access
XPath Injection: Alters XML Path Language (XPath) queries for unauthorized access to XML data
XML Injection: Manipulates XML data or queries to inject malicious data
SMTP/Email Injection: Exploits vulnerabilities in email systems to inject malicious emails
Expression Language (EL) Injection: Injects malicious input into Expression Language (used in Java-based applications)
CRLF Injection: Injects carriage return and line feed characters into HTTP headers to manipulate responses