Chapter 5. Attacking the Server Using Injection-based Flaws
The most common class of flaw in web applications is the injection flaw. An interactive web application takes input from the user, processes it, and returns the output to the client. When the application is vulnerable to an injection flaw, it accepts input from the user with improper or no validation and hands it to an underlying component, such as a shell or a database engine, where the input is interpreted as part of a command or query rather than as plain data. The result is an action the application was never meant to perform: the malicious input changes the meaning of what the interpreter executes, forcing the underlying component to carry out tasks the application was not programmed for. In other words, an injection flaw allows the attacker to control components that the application relies on.
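The following added example (not code from the book) shows that mechanism for both of the flaw types this chapter covers. The same attacker-supplied string is handed to a SQL engine and to a shell, first spliced into the command text and then passed through the interpreter's own parameter mechanism. The in-memory `users` table, the `echo`-based "lookup" command and the payloads are constructed for the demonstration; a real target would call a database or a network utility in the same way.

```python
"""Added illustration of an injection flaw: user input spliced into a SQL
statement and into a shell command line versus the same input passed as data.
The users table and the echo-based lookup are constructed for the demo."""
import sqlite3
import subprocess


def make_db():
    """Constructed in-memory users table (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, user, password):
    # The input is concatenated into the SQL text, so a quote in the input
    # closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + user
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, user, password):
    # Placeholders fix the statement structure before the values are bound;
    # the input can only ever be compared as a string value.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (user, password))]


def lookup_vulnerable(host):
    # shell=True hands the whole string to /bin/sh, so ';' in the input
    # terminates the intended command and starts an attacker-chosen one.
    out = subprocess.run("echo " + host, shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def lookup_safe(host):
    # An argument list never goes through the shell: the input is one
    # literal argv entry, metacharacters included.
    out = subprocess.run(["echo", host],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    conn = make_db()
    sql_payload = "' OR '1'='1"          # constructed SQLi payload
    print("vulnerable login:", login_vulnerable(conn, "alice", sql_payload))
    print("safe login:      ", login_safe(conn, "alice", sql_payload))
    cmd_payload = "example.com; echo INJECTED"  # constructed command injection payload
    print("vulnerable lookup:", lookup_vulnerable(cmd_payload))
    print("safe lookup:      ", lookup_safe(cmd_payload))
```

With the SQL payload the vulnerable login returns `['alice']` although no password was supplied, because the statement becomes `... AND password = '' OR '1'='1'`; the parameterised version returns nothing. With the command payload the vulnerable lookup returns two lines, the second being the output of the injected `echo INJECTED`, while the argument-list version prints the whole string as a single literal line.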
In this chapter, we will discuss the major injection flaws and cover the following topics:
- Command injection flaw
- Identifying injection points
- Tools to exploit command injection flaws
- SQL injection flaw
- Attack potential of the flaw
- Different tools in Kali Linux to exploit SQLi
An injection flaw is used to gain access to the...