☑️Introduction

Injection vulnerabilities are ranked as the number 3 risk in OWASP's Top 10 Web App Risks, given their high impact and how common they are. Injection occurs when user-controlled input is misinterpreted as part of the web query or code being executed, which can subvert the intended outcome of the query into a different outcome that is useful to the attacker.

| Injection                            | Description                                                                     |
|--------------------------------------|---------------------------------------------------------------------------------|
| OS Command Injection                 | Occurs when user input is directly used as part of an OS command.               |
| Code Injection                       | Occurs when user input is directly used within a function that evaluates code.  |
| SQL Injection                        | Occurs when user input is directly used as part of an SQL query.                |
| Cross-Site Scripting/HTML Injection  | Occurs when user input is displayed on a web page exactly as it was submitted.  |

There are also other types, such as LDAP Injection, NoSQL Injection, HTTP Header Injection, XPath Injection, IMAP Injection, and ORM Injection.

Let's take PHP as an example. PHP provides the exec, system, shell_exec, passthru, and popen functions to execute commands directly on the back-end server, each with a slightly different use case.

Here is an example of vulnerable code:

<?php
// The 'filename' query parameter is concatenated straight into a shell command
// string, so the shell interprets whatever the user supplies.
if (isset($_GET['filename'])) {
    system("touch /tmp/" . $_GET['filename'] . ".pdf");
}
?>

Here, the user input 'filename' is directly concatenated into the touch command, so any shell metacharacters it contains are interpreted by the shell rather than treated as part of the file name.
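The same feature written defensively, as an added example that is not part of the original page: the file name is checked against an allowlist and then quoted with escapeshellarg() before it reaches the shell. The helper names (isSafeFilename, buildHardenedCommand) are assumptions chosen for this example.

```php
<?php
// Added example (not from the original page): a hardened version of the
// "touch" handler above. Helper names are hypothetical.

// Primary defence: only accept a short, plain file name. Anything containing
// shell metacharacters (; | & $ ` newlines), slashes or dots is rejected, so
// the shell never sees them and path traversal via '..' is ruled out as well.
function isSafeFilename(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name);
}

// Secondary defence: even a validated value is passed to touch as a single,
// quoted argument. escapeshellarg() wraps the string in single quotes and
// escapes any embedded single quote, so it cannot end the argument early.
function buildHardenedCommand(string $name): string
{
    return 'touch ' . escapeshellarg('/tmp/' . $name . '.pdf');
}

if (isset($_GET['filename'])) {
    $name = $_GET['filename'];

    if (!isSafeFilename($name)) {
        // Fail closed: log-worthy, but never run the command.
        http_response_code(400);
        exit('invalid filename');
    }

    // Validated *and* quoted: defence in depth.
    system(buildHardenedCommand($name));
}
?>
```

Where possible, avoid the shell entirely (create the file with touch(), which is a PHP function that takes a path and not a command) so there is no command string to inject into.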
