Chapter 4

Web Application Exploitation with Injection

Chapter Rundown:

■ SQL injection: the old dog still has plenty of bite

■ Popular SQL injection attacks: the how and why of SQLi

■ Controlling the web server’s operating system with O/S command injection

■ Web shells: hacking from the comfort of your browser

Introduction

A hacker can exploit code injection vulnerabilities by submitting well-crafted malicious input that causes the web application to perform unauthorized actions, such as exposing sensitive authentication data (usernames and passwords) or executing system commands (adding rogue administrator accounts). Code injection attacks are the most damaging exploits that web applications face today because they impact a large number of users ...
