Questions tagged [injection]

Inserting malicious content, usually code (like SQL or JavaScript), into a vulnerable application. Use only if there is no more specific injection tag available (see tag wiki).

Injection is inserting malicious content, usually code (like SQL or JavaScript), into a vulnerable application.

Tag usage:

Should be used only for injection attacks where there is no more specific injection tag available.

408 questions
52 votes, 4 answers

How to inject executable, malicious code into PDF, JPEG, MP3, etc.?

I wanted to know if it's generally possible to inject executable code into files like PDFs or JPEGs etc., or must there be some kind of security hole in the application? And if so, how would one do that? I often hear that people get infected by…
JohnnyFromBF
34 votes, 3 answers

What risks should I be aware of before allowing advertisements being placed on my website?

The thought of having a 3rd party send JavaScript and images to end users seems to be a scary thought, but that is exactly what we are doing when I place advertisements onto my site. Does serving advertisements from AdSense, or any of the online…
makerofthings7
26 votes, 6 answers

Is it a good idea to use non-ASCII names in the U.S.?

Grimes and Elon Musk named their baby: X Æ A-12. What are the risks of non-ASCII names? For example, does the COBOL unemployment platform support non-ASCII names? Would it be possible to get a social security number (SSN) for the baby? Does it make…
0x90
23 votes, 2 answers

Cross site scripting when the greater than and less than signs are escaped?

If a website encodes < to &lt; and > becomes &gt;, is it still possible to perform cross site scripting? What would you enclose the script tags in? For example, on one of my sites I can use normally, but how can I do the…
Bob John
23 votes, 2 answers

What vulnerability is targeted by an HTTP referer starting with (){ :;};/bin/bash

I found this code, followed by several bash commands downloading and running a payload from the web, in the referer field in my Apache error logs. The attack appears to work by converting a command name into a function name for the empty function…
Kylos
17 votes, 5 answers

Is it possible to inject values in a drop down list?

Say an ASP.NET page, or any HTML page for that matter, has a drop down list with a bunch of prices. On posting the page, the code looks at the selection of the drop down list for a computation. Is it possible for someone to alter the values and…
drobison
17 votes, 3 answers

Exposing database fields names in HTML

I quite often see opportunities to optimise server-side code if HTML form names are exactly the same as the database field names they eventually update. The drawback obviously is that this is exposing information about the database structure in…
Imag1ne
16 votes, 4 answers

Detecting reflective DLL injection

In the past few years, malware (and some pen-test tools like Metasploit's meterpreter payload) have begun to use reflective DLL injection (PDF) to load a DLL into the memory of a process. The benefit is that the file is never written to disk and is…
Mick
15 votes, 2 answers

What threats come from CRLF in email generation?

I have an application where a code scanner has identified CRLF injection possibilities in some classes related to email generation. I understand how CRLF injection could be used against me on URL-based attacks, but Google has been kinda silent on…
avgvstvs
15 votes, 3 answers

SQL injection can bypass login but not drop table

I've set up a test environment for running some SQL Injection against my code and learning how to defend against it. I can bypass the login form using the following in the password field: ' OR username = 'admin Which gives me the query: SELECT *…
Scott Helme
15 votes, 1 answer

HQL injection example

Our developers left a surprise in handling user login. Namely: // java List users = hibernate.find("from Users where username = '"+formUsername+"'"); if (users.size()==0) { return BAD_USER; } if (!checkPassword(users.get(0).getPassword(),…
Pawel Veselov
14 votes, 1 answer

Is Bluetooth Low Energy Injection possible?

Mike Ryan claims that it is possible to inject packets (probably with Ubertooth) in an ongoing BLE conversation. His attempt to do so led to jamming the connection (Sources 1 and 2). The Bluetooth specs (v4.0) state that the time between sending 2…
user2338815
13 votes, 1 answer

Android Runtime Code Injection

I'm doing research for a static analysis tool to help detect malware in Android applications. I'm wondering if it is possible to perform code injection on Android without using a class loader. I know it is possible to load byte code at runtime…
Ben Holland
12 votes, 2 answers

XSS via JSON: Why does a web application not sanitize either its incoming params hash or its outgoing JSON values of malicious tags like Script?

Recently working on a Rails-based web application for a company, I had to look into XSS vulnerability. It turns out that the application, in some places, could take an HTML tag (e.g., directly as a parameter in GET or…
rcd
11 votes, 2 answers

MongoDB NoSQL injection in Python code

Here is the code snippet for accessing MongoDB. client = MongoClient() db = client.test_database collection = db.test # Get data from fields condition = form.getvalue('name') if condition: where = {"$where": "this.name == '"+condition+"'"…
Yang Yu