πInjections
Injections are a security vulnerability in websites and web applications where attackers inject malicious code/data by exploiting a flaw in the way the application handles user input.
There are several types of injections that attackers can use to exploit vulnerabilities in web applications. Some of the most common include:
SQL injection: This occurs when an attacker is able to insert SQL commands into an application's database queries, allowing them to manipulate or extract sensitive data from the database.
Cross-site scripting (XSS) injection: This occurs when an attacker is able to inject malicious code into a web page that is executed by a victim's browser, allowing the attacker to steal sensitive data or take control of the victim's session.
Command injection: This occurs when an attacker is able to inject operating system commands into an application, allowing them to execute arbitrary code on the server.
LDAP injection: This occurs when an attacker is able to inject LDAP commands into an application, allowing them to manipulate or extract sensitive data from the application's directory services.
Last updated