This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Code Injection

From OWASP
Revision as of 08:40, 24 July 2006 by Thandermax (talk | contribs) (Examples)

Jump to: navigation, search
This is an Attack. To view all attacks, please see the Attack Category page. 


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


Description

This article should cover attacks based on injecting code into a running application.

Examples

If server side scripting is enabled in some address (such as guestbook , where user can insert data) then the SSI attack can be done.


Such as :


will show all the files in current directory is the server is on a UNIX/LINUX machine.


for Windows platform :


This can be used for destructive purpose also , as the commands are executed in root/admin previlage.

Such as

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Retrieved from "https://wiki.owasp.org/index.php?title=Code_Injection&oldid=7912"