This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Code Injection"
From OWASP
Thandermax (talk | contribs) (→Examples) |
|||
| Line 8: | Line 8: | ||
==Examples == | ==Examples == | ||
| + | |||
| + | If server side scripting is enabled in some address (such as guestbook , where user can insert data) | ||
| + | then the SSI attack can be done. | ||
| + | |||
| + | |||
| + | Such as : | ||
| + | |||
| + | <!--#exec cmd="ls"--> | ||
| + | |||
| + | will show all the files in current directory is the server is on a UNIX/LINUX machine. | ||
| + | |||
| + | |||
| + | |||
| + | for Windows platform : <!--#exec cmd="dir"--> | ||
| + | |||
| + | |||
| + | This can be used for destructive purpose also , as the commands are executed in root/admin previlage. | ||
| + | |||
| + | Such as <!--#exec cmd="format c:"--> | ||
==Related Threats== | ==Related Threats== | ||
Revision as of 08:40, 24 July 2006
- This is an Attack. To view all attacks, please see the Attack Category page.
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Description
This article should cover attacks based on injecting code into a running application.
Examples
If server side scripting is enabled in some address (such as guestbook , where user can insert data) then the SSI attack can be done.
Such as :
will show all the files in current directory is the server is on a UNIX/LINUX machine.
for Windows platform :
This can be used for destructive purpose also , as the commands are executed in root/admin previlage.
Such as
