This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Direct Dynamic Code Evaluation ('Eval Injection')

Revision as of 19:40, 12 June 2006 by Weilin Zhong (talk | contribs)

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This is an Attack. To view all attacks, please see the Attack Category page.

This vulnerabilty can be exploited by code injection attacks and should be fixed using appropriate input validation on user input. This vulnerability is so specific so the attack that is used to exploit this vulnerability, "Eval Injection", is described in the same page.

Related Attacks

Code Injection

Injection Attacks

Related Countermeasures

Input Validation

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.