IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [injection]

inserting malicious content, usually code (like SQL, Javascript) into a vulnerable application. Is used only if there is no more specific injection tag available (see tag wiki)

Injection is inserting malicious content, usually code (like SQL, Javascript) into a vulnerable application.

Tag usage:

Should be used only for injection attacks where there is no more specific injection tag available.

408 questions
-1
votes
1 answer

Why injecting a php tag with XSS dosn't work?

So you all know about the XSS vulnerability but what I cannot understand is how come injecting a tag doesn't work? eg.: suppose there is a Stored XSS vulnerability in the index.php of a site why it doesn't work if you did this: 1. close the…
RL.AdmiralX
  • 422
  • 4
  • 6
-1
votes
1 answer

Scanner / tool to generate a list with all forms and input fields of a website

I'm not very experienced with information security but know some basics about injection attacks and other web based attacks. Is there a tool / crawler to find all forms and input fields of a whole website? I know addons for firefox and chrome…
clinical
  • 111
  • 1
  • 4
-1
votes
5 answers

Is 'Internal Server Error' always a sign that there's a SQL Injection vulnerability in a site?

If so, is trying to exploit through a time-based injection enough to prove there's a vulnerability in said site?
felipebubu
  • 25
  • 1
  • 4
-1
votes
1 answer

Can't bypass filter

Trying some malicious injection against bWAPP and came across bypass captcha Filter validating captcha is if($_POST["captcha_user"] == $_SESSION["captcha"]) Tried input 1' || '2 but it doesn't bypass logical condition.
Ryuzaki
  • 11
  • 3
-1
votes
1 answer

wifi cracking using a network adapter which doesn't support packet injection

I'm trying to crack my wifi (WPA-CCMP) password to test its strength and security, I'm using the commview for wifi and aircrack-ng software on windows 10. I've three laptops, Windows 10 (64bit) with dual boot ubuntu 18.04, only Windows 10(64bit),…
pal
  • 3
  • 2
-1
votes
1 answer

Run your own code on chrome:// url?

Recently I've been trying to escape sandbox Chrome OS for fun, bounties, etc. I found you can run straight system commands through chrome:// urls (such as displaying USB Detected message, or something). However, Google is notoriously good at XSS…
thanoschimichan-ga
  • 1
-1
votes
2 answers

"Reflected XSS"-like attack on chatbot AI

This is a theoretical question. I just watched a certain video in which the author apparently unmasks a chatbot AI that is likely trying to harvest data and spread influence in a cult-like manner on a given social network. The video is hosted on…
user221579
-1
votes
1 answer

SQLI Login Bypass Cheat-sheets Question

Assuming you are authorized to pentest a live website that's login page is vulnerable to SQL Injection. Lets say your backpack has only 2 crafted queries by you which is admin' -- and '=' 'OR'. Your past experience on a test site where its back-end…
Cash-
  • 57
  • 4
  • 10
-1
votes
2 answers

Unable to inject cookies

As part of an exercise, I need to sniff cookies from a login page and inject them in the same login page. If the cookie injection is successful the user must be login without entering the user name and password. I sniffed the cookies. I found three…
user9371654
  • 469
  • 1
  • 6
  • 15
-1
votes
2 answers

FireEye IPS "Bash Remote Code Injection (Shellshock)" events

I see a peculiar IPS event for "Bash Remote Code Injection (Shellshock) HTTP CGI (headers)". Although I have configured on my FireEye NX box to block this event, this alert has been bothering me for a while now. How do I ensure that my systems are…
Vaibhav
  • 5
  • 4
-1
votes
1 answer

How to remove malicious code injected into server?

I found some malicious code on my webserver which is exactly similar to this. My questions are: How can I know from where this code was injected? How can someone inject code on my server without my server credentials? How to prevent future…
Imran Qamer
  • 99
  • 2
-1
votes
1 answer

Can this prevent XSS?

In PHP, I've always used this to represent inputs and textareas: $foo = trim(htmlentities($_POST['foo'], ENT_QUOTES); // the trim is to prevent empty submissions Can it also be valid to prevent SQL injection attacks?
Slim Shady
  • 171
  • 1
  • 2
  • 8
-1
votes
2 answers

Unrestricted File Upload Vulnerability, any solution?

I have a module in which the user can upload images. So I run some test, via tamper data I can change it from .png to .php and it will upload successfully on my server but if I go to the location it appears "Not found". So what do you think is an…
Test
  • 55
  • 8
-1
votes
1 answer

Understanding HTTP response from Linux Server

I am working through a question that involves someone using a vulnerability in a Linux server in order to gain access to it. The first part of the question states In monitoring the network activity between a critical Goldmine Tech web server and…
Josh
  • 119
  • 2
-2
votes
2 answers

Parameterization strategy for hazardous character injection

I have a input text field for accepting Email ID. If Email ID is not entered by User, I have a client side validation using Java Script to display error message which reads like, "Please enter valid email id". Code is like, if(EmailIdIsNull) { …
Vikas V
  • 693
  • 8
  • 12
1 2 3
27
28