Advertisement

HexaGuard: Mastering the Art of Digital Shadows

Injection Vulnerabilities

Hexa Guard March 10, 2025

injection attacks occur when an attacker provides input that the application does not handle safely. As a result, this input is executed as code or commands by the application, which can lead to significant security risks.

1. SQL Injection (SQLi)

SQL injection occurs when an attacker is able to manipulate an SQL query through untrusted user input. The subtypes include:

  • Error-based SQL Injection
    The attacker manipulates the query to produce errors that reveal information about the database structure (e.g., table names, column names).

  • Union-based SQL Injection
    The attacker uses the UNION SQL operator to combine the results of a malicious query with the original query, extracting data from other tables.

  • Blind SQL Injection
    In a blind SQL injection attack, no error messages are returned, and the attacker must infer information based on the application's response. There are two types:

    • Boolean-based Blind SQLi: The attacker modifies the query to return a true or false result, based on which the attacker can infer data.
    • Time-based Blind SQLi: The attacker uses a delay in the response time (using SLEEP() or similar commands) to infer whether the query is true or false.

  • Out-of-Band SQL Injection
    Occurs when the attacker is unable to get responses directly from the web application but can still retrieve data via alternative channels (e.g., DNS requests or HTTP requests).

2. Command Injection

Command injection occurs when an attacker is able to inject commands into the underlying system. The subtypes include:

  • Operating System Command Injection
    Injecting shell commands (e.g., Linux ls or Windows dir) that are executed on the server.

  • Remote Code Execution (RCE)
    Command injection where the attacker can execute arbitrary commands or code on the server, which can compromise the server’s security.

3. LDAP Injection

LDAP injection occurs when user input is included in an LDAP query, which can allow attackers to manipulate the query and gain unauthorized access. The subtypes include:

  • Authentication Bypass
    By injecting LDAP queries, attackers can bypass authentication mechanisms, allowing unauthorized access.

  • Information Disclosure
    Attackers can inject LDAP queries to access sensitive directory information, including user credentials, addresses, etc.

4. XML Injection

XML Injection occurs when XML data is improperly handled, allowing an attacker to inject malicious content. The subtypes include:

  • XML Document Injection
    Malicious XML elements or attributes are inserted into XML documents, potentially corrupting the document or affecting its processing.

  • XXE (XML External Entity) Injection
    An attacker exploits the way an XML parser handles external entities to gain access to sensitive internal resources or files on the server.

5. XPath Injection

XPath injection occurs when untrusted input is inserted into an XPath query. The subtypes include:

  • Authentication Bypass
    Attackers inject malicious XPath queries to bypass authentication checks and gain unauthorized access.

  • Data Extraction
    XPath injection can be used to access sensitive data stored in XML files or databases.

6. NoSQL Injection

NoSQL injection is similar to SQL injection but targets NoSQL databases like MongoDB, CouchDB, etc. The subtypes include:

  • Query Manipulation
    Malicious input can manipulate NoSQL queries to retrieve, modify, or delete unauthorized data from a NoSQL database.

  • Authentication Bypass
    An attacker can exploit NoSQL queries to bypass authentication mechanisms, allowing unauthorized access to user data or system resources.

7. OS Command Injection

OS Command Injection occurs when an attacker injects system-level commands into an application that executes operating system commands. The subtypes include:

  • Shell Command Injection
    The attacker executes shell commands on the server, often manipulating the file system, network configurations, or running arbitrary programs.

  • Insecure Command Execution
    Applications that dynamically generate command-line input are vulnerable if user input is not sanitized properly.

8. PHP Code Injection

PHP Code Injection occurs when user input is included in PHP scripts without validation, allowing attackers to inject and execute malicious PHP code. The subtypes include:

  • Dynamic Code Injection
    Attackers inject code into PHP scripts dynamically, which is executed on the server, compromising its functionality.

  • Malicious File Inclusion
    Attackers can inject file paths that include malicious PHP files that get executed on the server.

9. CRLF Injection

CRLF (Carriage Return Line Feed) Injection occurs when attackers inject newline characters (CRLF) into HTTP headers. The subtypes include:

  • HTTP Response Splitting
    By injecting CRLF characters, attackers can split an HTTP response, tricking the browser into interpreting it as two responses. This can lead to web cache poisoning or session fixation attacks.

  • Header Injection
    Malicious headers can be injected into the response, allowing attackers to perform actions like redirecting the user to a malicious site or altering cookie values.

10. Email Injection

Email Injection occurs when attackers inject malicious content into the email headers, usually via web forms. The subtypes include:

  • Spam Injection
    Attackers inject email addresses or messages into the “To” or “BCC” fields to send spam to many users without the site owner’s consent.

  • Malicious Payload Injection
    Attackers can inject harmful payloads into email bodies or headers to perform phishing or social engineering attacks.

11. HTML Injection

HTML Injection occurs when an attacker is able to inject HTML code into a page that is rendered by a browser. The subtypes include:

  • Stored HTML Injection
    The injected HTML code is saved and displayed on future requests, potentially allowing XSS attacks or page manipulation.

  • Reflected HTML Injection
    Malicious HTML content is reflected immediately in the HTTP response, causing it to execute in the user’s browser.

12. JavaScript Injection

JavaScript Injection involves injecting malicious JavaScript code into a web application. The subtypes include:

  • Cross-Site Scripting (XSS)
    The most common form of JavaScript injection, where an attacker injects malicious scripts into web pages viewed by other users. Types include:

    • Stored XSS
    • Reflected XSS
    • DOM-based XSS

  • DOM Manipulation
    The attacker injects JavaScript into the page that manipulates the DOM (Document Object Model), potentially altering the behavior or appearance of the page.

13. XML External Entity (XXE) Injection

XXE Injection occurs when an XML parser allows the inclusion of external entities. The subtypes include:

  • File Disclosure
    An attacker can access sensitive files on the server (e.g., /etc/passwd or other sensitive system files).

  • Denial of Service (DoS)
    By exploiting the XXE vulnerability, attackers can cause a DoS by making the server consume excessive resources or by causing infinite loops.

  • SSRF (Server Side Request Forgery)
    Attackers can exploit XXE to make the server send requests to internal systems, potentially accessing internal resources not directly exposed to the internet.

14. Buffer Overflow Injection

Buffer overflow vulnerabilities occur when an attacker writes more data to a buffer than it can handle, causing it to overwrite adjacent memory. The subtypes include:

  • Stack Buffer Overflow
    Malicious input overflows a stack buffer, potentially allowing the execution of arbitrary code.

  • Heap Buffer Overflow
    Malicious input overflows a heap buffer, which could corrupt memory and lead to code execution or data corruption.

15. Format String Injection

Format String Injection occurs when user input is included in format string functions (e.g., printf) without proper sanitization. The subtypes include:

  • Format String Exploits
    Attackers use format string specifiers (%x, %n, etc.) to read or write arbitrary memory locations, potentially leading to arbitrary code execution.

16. Shell Injection

Shell injection occurs when an attacker injects arbitrary commands into an application that interacts with the shell or operating system. The subtypes include:

  • Bash Injection
    This involves injecting shell commands into web applications that use Bash as the underlying shell.

  • Command Execution via CGI Scripts
    Attackers can inject shell commands through poorly secured CGI (Common Gateway Interface) scripts.


Hexa Guard

Posted by Hexa Guard

Hexa Guard is your go-to platform for mastering cybersecurity and ethical hacking. We specialize in providing educational resources, hands-on training, and cutting-edge security solutions to combat cyber threats. Our mission is to create a safer digital world by empowering individuals and organizations with practical skills and knowledge in ethical hacking, penetration testing, and red teaming. Join us to secure the future ethically—one step at a time! ����

Post a Comment

0 Comments