Successful exploitation of a code injection vulnerability can result in data breaches, access to restricted or critical computer systems, and the spread of malware.
Injection flaws are often found in services like Structured Query Language (SQL) databases, Extensible Markup Language (XML) parsers, operating system commands, Simple Mail Transfer Protocol (SMTP) headers, and other program arguments.
Injection flaws can be identified through source code examination,[1] static analysis, or dynamic testing methods such as fuzzing.
Other approaches must be taken, however, when dealing with injections of user code on a user-operated machine, which often results in privilege elevation attacks.
[13] For example, consider a web page that has two text fields which allow users to enter a username and a password.
Assume a query with the following format:
If an adversary supplies the following inputs:
UserID: ';DROP TABLE User; --'
Password: 'OR"='
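The example above only lists the adversary's two inputs; the following added demonstration (not code from the original article) shows what those same inputs do to a login check that concatenates them into the SQL text, next to the parameterised form that defends against it. It uses Python's built-in sqlite3 module with an in-memory database and a constructed sample account; running the concatenated string through executescript() is an assumption that models a database driver which accepts stacked statements.

```python
import sqlite3

# The adversary's two inputs from the example above.
USER_PAYLOAD = "';DROP TABLE User; --'"
PASSWORD_PAYLOAD = "'OR\"='"


def make_db():
    """Constructed sample database: one legitimate account (demo data only;
    a real system would store a password hash, never the password itself)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (UserID TEXT, Password TEXT)")
    conn.execute("INSERT INTO User VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_query(user_id, password):
    # Vulnerable construction: the two fields are pasted into the SQL text, so a
    # quote in the input closes the string literal and the rest is parsed as SQL.
    return (
        "SELECT UserID FROM User WHERE UserID = '" + user_id
        + "' AND Password = '" + password + "'"
    )


def login_vulnerable(conn, user_id, password):
    """Runs the concatenated query. executescript() executes every statement in
    the string, which models a driver that accepts stacked statements (an
    assumption made for this demonstration). Returns the SQL text that ran."""
    query = build_query(user_id, password)
    conn.executescript(query)
    return query


def login_safe(conn, user_id, password):
    """Parameterised query: the driver sends the values separately from the
    statement text, so the input can never change the statement's structure."""
    row = conn.execute(
        "SELECT UserID FROM User WHERE UserID = ? AND Password = ?",
        (user_id, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    print("safe login with attacker input ->", login_safe(conn, USER_PAYLOAD, PASSWORD_PAYLOAD))
    print("User table present ->", table_exists(conn, "User"))
    print("vulnerable query executed:\n  " + login_vulnerable(conn, USER_PAYLOAD, PASSWORD_PAYLOAD))
    print("User table present ->", table_exists(conn, "User"))
```

With the safe function the attacker's input is simply a user name and password that match no row, and the table survives; with the concatenated version the `';` ends the SELECT, `DROP TABLE User` runs as a second statement, and `--` turns the remainder of the original query into a comment.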
However, this same software bug can be triggered accidentally by an unassuming user, causing the website to render malformed HTML.
However, trusting non-validated user data can frequently lead to critical vulnerabilities[15] such as server-side template injection.
While this vulnerability is similar to cross-site scripting, template injection can be leveraged to execute code on the web server rather than in a visitor's browser.
For example, if "arg" is set to "10; system('/bin/echo uh-oh')", additional code is run which executes a program on the server, in this case "/bin/echo".
If untrusted input reaches the deserialization function, it can overwrite existing classes in the program and be used to mount attacks.
Consider the following short C program that has a local variable char array password which holds a password; the program asks the user for an integer and a string, then echoes out the user-provided string. If the user input is filled with a list of format specifiers, such as %s%s%s%s%s%s%s%s, then printf() will start reading from the stack.
Eventually, one of the %s format specifiers will access the address of password, which is on the stack, and print Password1 to the screen.
The passthru function in the above program composes a shell command that is then executed by the web server.
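The eval example earlier ("10; system(...)") and the passthru example here share one root cause: a request parameter is spliced into text that an interpreter, here the shell, will parse. The following added example (not code from the original article, written in Python rather than PHP) shows the vulnerable splice beside the two defences a practitioner would apply: invoking the program without a shell, and allowlisting the argument to the shape it is supposed to have. It assumes a POSIX /bin/sh and an echo binary; the payload string is constructed for the demonstration.

```python
import re
import subprocess

# Constructed attacker input, modelled on the "10; ..." argument in the article.
PAYLOAD = "10; echo uh-oh"

# Allowlist for the argument: the page's arg is meant to be a number.
_SMALL_INTEGER = re.compile(r"\A[0-9]{1,9}\Z")


def echo_vulnerable(arg):
    """Vulnerable: arg is spliced into a command line that /bin/sh parses, so the
    ';' ends the first command and 'echo uh-oh' runs as a second one."""
    proc = subprocess.run("echo " + arg, shell=True, capture_output=True, text=True)
    return proc.stdout


def echo_no_shell(arg):
    """Hardened step 1: no shell. arg is a single argv element, so the shell
    metacharacters in it are never interpreted and it is printed verbatim."""
    proc = subprocess.run(["echo", arg], capture_output=True, text=True)
    return proc.stdout


def is_valid_arg(arg):
    """Hardened step 2: allowlist. Anything that is not a small non-negative
    integer is rejected before it reaches any interpreter at all."""
    return _SMALL_INTEGER.match(arg) is not None


def echo_validated(arg):
    """Both defences together: validate, then run without a shell."""
    if not is_valid_arg(arg):
        raise ValueError("arg must be a non-negative integer")
    return echo_no_shell(arg)


if __name__ == "__main__":
    print(repr(echo_vulnerable(PAYLOAD)))  # '10\nuh-oh\n': two commands ran
    print(repr(echo_no_shell(PAYLOAD)))    # '10; echo uh-oh\n': printed literally
    print(is_valid_arg(PAYLOAD), is_valid_arg("10"))  # False True
```

Passing an argv list removes the shell from the path entirely, which is the stronger of the two fixes; the allowlist is still worth keeping because a program invoked without a shell can have its own interpretation of unusual arguments (options beginning with a dash, for instance).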