Questions tagged [injection]

Inserting malicious content, usually code (like SQL or JavaScript), into a vulnerable application. Use only if there is no more specific injection tag available (see tag wiki).

Injection is inserting malicious content, usually code (like SQL or JavaScript), into a vulnerable application.

Tag usage:

Should be used only for injection attacks where there is no more specific injection tag available.

426 questions

10 votes, 8 answers

My ISP (BSNL India) is injecting ads using Phozeca which spoils websites and makes them unresponsive, can anything be done?

I've been recently having a problem where my ISP (BSNL India) has been injecting ads/weird Javascript Tracking codes onto my browser, making the website unusable and unresponsive. I've written an article regarding this too:…
HDG390x

8 votes, 1 answer

Yahoo! Messenger injection attack

Just five minutes ago I had an injection attack through Yahoo! Messenger. The only visible effect was the change of my status message. I also got a dialog message saying that a script cannot continue running because the string was not terminated, or…
Paul Manta

3 votes, 3 answers

SMTP Header Injection

I'm trying to understand SMTP header injection. I'm using Python's SMTPLIB library to prototype this vulnerability. Here is my code: import smtplib # create variables server = 'smtp.zoho.com' port = 587 to = 'recipient@test.com' user =…
Johnny_v

3 votes, 1 answer

Security implications of Subprocess executing with an active shell vs no shell

When we execute a subprocess such as the following: sub_ret = subprocess.Popen(args,stdout=subprocess.PIPE,shell=True) This poses a security risk as it allows malicious users to inject commands via the args parameter. Would it be safer to use with…
Nitin_Ramesh

2 votes, 1 answer

Does anything get written to disk when doing a DLL injection?

https://en.wikipedia.org/wiki/DLL_injection My question: When someone is doing a DLL injection, does anything get written to disk? Or is the whole attack just in memory?
evachristine

2 votes, 1 answer

Can an average user protect himself against process injection at some level?

I downloaded a program called Process Monitor from Microsoft Store. I see suspicious IP addresses popping up among my cod.exe processes. Moreover, these suspicious IP addresses are communicating through the xbox port while I'm playing on PC. Also it…
kiec00

2 votes, 2 answers

Injection of code into executable - Size question

Code injection is the process of injecting some malicious code into a legitimate binary. A lot of code injection projects that I have seen involve finding a large area of null bytes (\x00) in the .text section of the binary in order to inject…
Duke Nukem

1 vote, 0 answers

My ISP is injecting a swf into my webpage. How legal is this?

I recently saw a pop-up on an HTTP page. It was the advertisement of some offers provided by the ISP. Here is the code:

1 vote, 0 answers

Secure public API

I'm building a mobile app that will use an API created by me on my server. This API will be publicly exposed, but not publicly documented. I want to let the user use the app without authentication for a faster user experience. Let's assume the purpose…

1 vote, 1 answer

OS command injection privileges

I have a question about privileges when performing an Operating system command injection. If an attacker succeeds in getting a reverse shell on a remote server through netcat (netcat -v -e '/bin/bash' -l -p 5550), does he/she have admin privileges…

1 vote, 0 answers

XPath injection remediations?

During a pentest we identified some indications of XPath injection, meaning we were able to manipulate the HTTP request parameters with single quotes and logic (i.e. appending and 2=2) to derive various server responses. This software stack consists of…
user1880405

1 vote, 1 answer

Is Server-Side Includes injection really a common vulnerability?

Is Server-Side Includes injection really a common vulnerability? And how can I detect it - is there some way like automatic tools or some kind of fingerprint test or do I have to just play with input?

1 vote, 1 answer

Security category of command injection attacks?

To which (STRIDE/CIA+AAA) security category do command injection attacks belong? Or is my question too simplistic? Does it depend on the specifics of the injection attack (trying to get at confidential information, trying to cause a denial of…
hkBst

1 vote, 5 answers

Is code injection possible in any compiled or interpreted languages?

I am wondering if it is possible to make a code injection in compiled or interpreted languages? Is there any kind of attack vector in this area? With "code injection" I mean providing a code snippet as input that will be executed alongside with the…
Sig Touri

0 votes, 3 answers

Can isolated forms be dangerous for my server security?

I'm learning PHP and at the same time I write the examples that I get from the book to .php pages to test them and eventually publish them. My concern is about a bunch of forms that are there to test the codes; these are very basic forms that have…
user37769