https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=ThandermaxOWASP - User contributions [en]2026-05-25T05:13:13ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Code_Injection&diff=7913Code Injection2006-07-24T08:41:45Z<p>Thandermax: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
{{Template:Stub}}<br />
<br />
==Description==<br />
<br />
This article should cover attacks based on injecting code into a running application.<br />
<br />
==Examples ==<br />
<br />
If server side scripting is enabled in some address (such as guestbook , where user can insert data)<br />
then the SSI attack can be done.<br />
<br />
<br />
Such as :<br />
<br />
< !--#exec cmd="ls" -- ><br />
<br />
will show all the files in current directory is the server is on a UNIX/LINUX machine.<br />
<br />
<br />
<br />
for Windows platform : < !--#exec cmd="dir"-- ><br />
<br />
<br />
This can be used for destructive purpose also , as the commands are executed in root/admin previlage.<br />
<br />
Such as < !--#exec cmd="format c:"-- ><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
[[Category:Attack]]<br />
<br />
[[Category:Injection Attack]]</div>Thandermaxhttps://wiki.owasp.org/index.php?title=Code_Injection&diff=7912Code Injection2006-07-24T08:40:12Z<p>Thandermax: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
{{Template:Stub}}<br />
<br />
==Description==<br />
<br />
This article should cover attacks based on injecting code into a running application.<br />
<br />
==Examples ==<br />
<br />
If server side scripting is enabled in some address (such as guestbook , where user can insert data)<br />
then the SSI attack can be done.<br />
<br />
<br />
Such as :<br />
<br />
<!--#exec cmd="ls"--><br />
<br />
will show all the files in current directory is the server is on a UNIX/LINUX machine.<br />
<br />
<br />
<br />
for Windows platform : <!--#exec cmd="dir"--><br />
<br />
<br />
This can be used for destructive purpose also , as the commands are executed in root/admin previlage.<br />
<br />
Such as <!--#exec cmd="format c:"--><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
[[Category:Attack]]<br />
<br />
[[Category:Injection Attack]]</div>Thandermaxhttps://wiki.owasp.org/index.php?title=Detect_intrusions&diff=7911Detect intrusions2006-07-24T08:30:43Z<p>Thandermax: /* Categories */</p>
<hr />
<div>{{Template:Principle}}<br />
<br />
{{Template:Stub}}<br />
<br />
==Categories==<br />
<br />
[[Category:Principle]]<br />
<br />
'''Log All user access (IP,Username,Time ,web request etc..).'''<br />
<br />
If you do this ,then someday when your application /site is down/hacked you can trace the culprit and check what went wrong.<br />
<br />
You may ask , if the user uses an proxy , Though it will help. As "what happened" is logged and the exploit can be fixed more easily.</div>Thandermax